asyncrat | d3a452c7dd9039acac94b60bec2c90d3bb656756ae7e18a50b328d6fe22e80cf

Analysis

max time kernel
35s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ngrclub-protected.exe
Size

3.0MB
MD5

209ce82914f67632c011132bc09a1584
SHA1

eb565f108a63b3f78ea3cefbaec1d845663c671f
SHA256

d3a452c7dd9039acac94b60bec2c90d3bb656756ae7e18a50b328d6fe22e80cf
SHA512

fa47be79234d6805ce37a37cfe1bbf2792dba42ed60914d7b8fc9905bd59b0e483bbadf0a8abcffab07885eb6ea5dfa4d2271fb24fc8099d268b0549f701be87
SSDEEP

49152:LdWnZHdTB1mIkDa1lS5x4hxQJxG9d213ChYfKMjObIOZc/HyVSUwTPGlOVZNB2zg:LdWZHZB1UenSooxGf2CGfKYOvm/SVcjX

Score

10^/10

asyncrat versace.wtf evasion rat themida trojan

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Versace.WTF

45.128.36.146:8848

Mutex

fhfsf69fga86gf78525845rt2867752456877777777777777777777

Attributes

delay
1
install
true
install_file
msedge.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 5 IoCs

rat

resource	yara_rule
behavioral1/memory/2204-3-0x0000000000FD0000-0x0000000001768000-memory.dmp	asyncrat
behavioral1/memory/2204-4-0x0000000000FD0000-0x0000000001768000-memory.dmp	asyncrat
behavioral1/files/0x000c00000002314b-9.dat	asyncrat
behavioral1/memory/1452-23-0x0000000000200000-0x0000000000212000-memory.dmp	asyncrat
behavioral1/memory/2204-22-0x0000000000FD0000-0x0000000001768000-memory.dmp	asyncrat

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ngrclub-protected.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
27	4876	Process not Found
30	4876	Process not Found

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ngrclub-protected.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ngrclub-protected.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation	ngrclub-protected.exe

Executes dropped EXE 2 IoCs

pid	Process
1452	CLEANER.EXE
5056	NGRCLUB-SPOOFER.EXE

Themida packer 5 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000FD0000-0x0000000001768000-memory.dmp	themida
behavioral1/memory/2204-2-0x0000000000FD0000-0x0000000001768000-memory.dmp	themida
behavioral1/memory/2204-3-0x0000000000FD0000-0x0000000001768000-memory.dmp	themida
behavioral1/memory/2204-4-0x0000000000FD0000-0x0000000001768000-memory.dmp	themida
behavioral1/memory/2204-22-0x0000000000FD0000-0x0000000001768000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ngrclub-protected.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2204	ngrclub-protected.exe

Launches sc.exe 64 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
548	sc.exe
4936	Process not Found
4408	Process not Found
3836	Process not Found
632	sc.exe
3504	sc.exe
3180	Process not Found
1116	Process not Found
2128	Process not Found
4880	sc.exe
3172	sc.exe
4964	Process not Found
452	Process not Found
5116	Process not Found
4444	Process not Found
3348	Process not Found
2968	sc.exe
4028	sc.exe
2312	sc.exe
1252	sc.exe
2968	Process not Found
1092	Process not Found
3692	Process not Found
4392	Process not Found
3524	sc.exe
3608	sc.exe
1548	sc.exe
1804	Process not Found
4824	Process not Found
4396	sc.exe
4864	sc.exe
3272	sc.exe
376	Process not Found
4012	sc.exe
1948	sc.exe
4788	sc.exe
4040	Process not Found
4972	Process not Found
1800	Process not Found
4760	Process not Found
2908	Process not Found
4380	Process not Found
3264	sc.exe
4304	sc.exe
3628	sc.exe
2472	Process not Found
1392	Process not Found
2024	Process not Found
3740	Process not Found
4828	Process not Found
4084	sc.exe
396	sc.exe
3632	Process not Found
2064	Process not Found
4244	Process not Found
4784	Process not Found
4040	Process not Found
2328	sc.exe
4712	sc.exe
4624	Process not Found
728	Process not Found
5032	sc.exe
1252	sc.exe
2052	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 64 IoCs

evasion

pid	Process
3792	taskkill.exe
2664	taskkill.exe
4788	taskkill.exe
2868	Process not Found
2848	Process not Found
2240	Process not Found
2956	taskkill.exe
2640	Process not Found
2216	Process not Found
2284	Process not Found
1780	taskkill.exe
3680	taskkill.exe
1476	taskkill.exe
4060	taskkill.exe
532	taskkill.exe
4636	Process not Found
4820	taskkill.exe
4876	taskkill.exe
4180	taskkill.exe
1532	taskkill.exe
836	Process not Found
2640	Process not Found
4040	Process not Found
4736	Process not Found
3924	Process not Found
4416	taskkill.exe
1248	taskkill.exe
4268	Process not Found
3292	Process not Found
1432	Process not Found
1536	taskkill.exe
640	taskkill.exe
3596	taskkill.exe
4884	taskkill.exe
1868	Process not Found
4896	Process not Found
2376	Process not Found
5016	Process not Found
4228	taskkill.exe
3724	taskkill.exe
1008	Process not Found
3460	Process not Found
4832	Process not Found
1784	Process not Found
3692	taskkill.exe
1596	Process not Found
388	Process not Found
4040	Process not Found
2600	Process not Found
2504	Process not Found
5048	Process not Found
5016	taskkill.exe
552	taskkill.exe
3172	taskkill.exe
4516	Process not Found
880	taskkill.exe
4392	Process not Found
4372	Process not Found
748	Process not Found
1200	Process not Found
5012	taskkill.exe
2364	taskkill.exe
516	taskkill.exe
3236	Process not Found

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2204	ngrclub-protected.exe
2204	ngrclub-protected.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1780	taskkill.exe
Token: SeDebugPrivilege	3272	taskkill.exe
Token: SeDebugPrivilege	2192	taskkill.exe
Token: SeDebugPrivilege	4080	taskkill.exe
Token: SeDebugPrivilege	112	taskkill.exe
Token: SeDebugPrivilege	212	taskkill.exe
Token: SeDebugPrivilege	4820	taskkill.exe
Token: SeDebugPrivilege	1840	taskkill.exe
Token: SeDebugPrivilege	2676	taskkill.exe
Token: SeDebugPrivilege	4408	taskkill.exe
Token: SeDebugPrivilege	2388	taskkill.exe
Token: SeDebugPrivilege	4040	taskkill.exe
Token: SeDebugPrivilege	4880	taskkill.exe
Token: SeDebugPrivilege	1992	taskkill.exe
Token: SeDebugPrivilege	4084	cmd.exe
Token: SeDebugPrivilege	4624	taskkill.exe
Token: SeDebugPrivilege	968	taskkill.exe
Token: SeDebugPrivilege	1192	taskkill.exe
Token: SeDebugPrivilege	2584	taskkill.exe
Token: SeDebugPrivilege	2920	taskkill.exe
Token: SeDebugPrivilege	1032	cmd.exe
Token: SeDebugPrivilege	5012	taskkill.exe
Token: SeDebugPrivilege	4304	taskkill.exe
Token: SeDebugPrivilege	5016	cmd.exe
Token: SeDebugPrivilege	4588	cmd.exe
Token: SeDebugPrivilege	5108	cmd.exe
Token: SeDebugPrivilege	2004	cmd.exe
Token: SeDebugPrivilege	3108	cmd.exe
Token: SeDebugPrivilege	4508	cmd.exe
Token: SeDebugPrivilege	2364	taskkill.exe
Token: SeDebugPrivilege	2880	cmd.exe
Token: SeDebugPrivilege	1532	taskkill.exe
Token: SeDebugPrivilege	4784	cmd.exe
Token: SeDebugPrivilege	2572	taskkill.exe
Token: SeDebugPrivilege	4180	cmd.exe
Token: SeDebugPrivilege	1000	cmd.exe
Token: SeDebugPrivilege	452	taskkill.exe
Token: SeDebugPrivilege	4524	cmd.exe
Token: SeDebugPrivilege	1404	taskkill.exe
Token: SeDebugPrivilege	540	taskkill.exe
Token: SeDebugPrivilege	4860	taskkill.exe
Token: SeDebugPrivilege	1536	taskkill.exe
Token: SeDebugPrivilege	1392	taskkill.exe
Token: SeDebugPrivilege	4708	cmd.exe
Token: SeDebugPrivilege	4740	taskkill.exe
Token: SeDebugPrivilege	3264	cmd.exe
Token: SeDebugPrivilege	4712	cmd.exe
Token: SeDebugPrivilege	1032	cmd.exe
Token: SeDebugPrivilege	872	taskkill.exe
Token: SeDebugPrivilege	3680	sc.exe
Token: SeDebugPrivilege	552	cmd.exe
Token: SeDebugPrivilege	2600	cmd.exe
Token: SeDebugPrivilege	3856	taskkill.exe
Token: SeDebugPrivilege	244	cmd.exe
Token: SeDebugPrivilege	4036	taskkill.exe
Token: SeDebugPrivilege	2776	cmd.exe
Token: SeDebugPrivilege	1400	cmd.exe
Token: SeDebugPrivilege	4972	taskkill.exe
Token: SeDebugPrivilege	1528	taskkill.exe
Token: SeDebugPrivilege	1044	taskkill.exe
Token: SeDebugPrivilege	1172	cmd.exe
Token: SeDebugPrivilege	4272	taskkill.exe
Token: SeDebugPrivilege	3116	taskkill.exe
Token: SeDebugPrivilege	824	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1452	2204	ngrclub-protected.exe	92
PID 2204 wrote to memory of 1452	2204	ngrclub-protected.exe	92
PID 2204 wrote to memory of 5056	2204	ngrclub-protected.exe	93
PID 2204 wrote to memory of 5056	2204	ngrclub-protected.exe	93
PID 5056 wrote to memory of 2984	5056	NGRCLUB-SPOOFER.EXE	95
PID 5056 wrote to memory of 2984	5056	NGRCLUB-SPOOFER.EXE	95
PID 5056 wrote to memory of 1008	5056	NGRCLUB-SPOOFER.EXE	96
PID 5056 wrote to memory of 1008	5056	NGRCLUB-SPOOFER.EXE	96
PID 5056 wrote to memory of 3928	5056	NGRCLUB-SPOOFER.EXE	102
PID 5056 wrote to memory of 3928	5056	NGRCLUB-SPOOFER.EXE	102
PID 3928 wrote to memory of 1780	3928	cmd.exe	103
PID 3928 wrote to memory of 1780	3928	cmd.exe	103
PID 5056 wrote to memory of 2156	5056	NGRCLUB-SPOOFER.EXE	104
PID 5056 wrote to memory of 2156	5056	NGRCLUB-SPOOFER.EXE	104
PID 2156 wrote to memory of 3272	2156	cmd.exe	105
PID 2156 wrote to memory of 3272	2156	cmd.exe	105
PID 5056 wrote to memory of 3452	5056	NGRCLUB-SPOOFER.EXE	106
PID 5056 wrote to memory of 3452	5056	NGRCLUB-SPOOFER.EXE	106
PID 5056 wrote to memory of 3856	5056	NGRCLUB-SPOOFER.EXE	107
PID 5056 wrote to memory of 3856	5056	NGRCLUB-SPOOFER.EXE	107
PID 5056 wrote to memory of 632	5056	NGRCLUB-SPOOFER.EXE	108
PID 5056 wrote to memory of 632	5056	NGRCLUB-SPOOFER.EXE	108
PID 3856 wrote to memory of 2192	3856	cmd.exe	110
PID 3856 wrote to memory of 2192	3856	cmd.exe	110
PID 632 wrote to memory of 4080	632	cmd.exe	109
PID 632 wrote to memory of 4080	632	cmd.exe	109
PID 5056 wrote to memory of 3596	5056	NGRCLUB-SPOOFER.EXE	111
PID 5056 wrote to memory of 3596	5056	NGRCLUB-SPOOFER.EXE	111
PID 5056 wrote to memory of 4036	5056	NGRCLUB-SPOOFER.EXE	112
PID 5056 wrote to memory of 4036	5056	NGRCLUB-SPOOFER.EXE	112
PID 3596 wrote to memory of 112	3596	cmd.exe	113
PID 3596 wrote to memory of 112	3596	cmd.exe	113
PID 4036 wrote to memory of 212	4036	cmd.exe	114
PID 4036 wrote to memory of 212	4036	cmd.exe	114
PID 5056 wrote to memory of 4568	5056	NGRCLUB-SPOOFER.EXE	115
PID 5056 wrote to memory of 4568	5056	NGRCLUB-SPOOFER.EXE	115
PID 5056 wrote to memory of 4308	5056	NGRCLUB-SPOOFER.EXE	116
PID 5056 wrote to memory of 4308	5056	NGRCLUB-SPOOFER.EXE	116
PID 4568 wrote to memory of 4820	4568	cmd.exe	117
PID 4568 wrote to memory of 4820	4568	cmd.exe	117
PID 4308 wrote to memory of 1840	4308	cmd.exe	118
PID 4308 wrote to memory of 1840	4308	cmd.exe	118
PID 5056 wrote to memory of 2864	5056	NGRCLUB-SPOOFER.EXE	119
PID 5056 wrote to memory of 2864	5056	NGRCLUB-SPOOFER.EXE	119
PID 5056 wrote to memory of 4856	5056	NGRCLUB-SPOOFER.EXE	120
PID 5056 wrote to memory of 4856	5056	NGRCLUB-SPOOFER.EXE	120
PID 4856 wrote to memory of 2676	4856	cmd.exe	121
PID 4856 wrote to memory of 2676	4856	cmd.exe	121
PID 2864 wrote to memory of 4408	2864	cmd.exe	122
PID 2864 wrote to memory of 4408	2864	cmd.exe	122
PID 5056 wrote to memory of 4876	5056	NGRCLUB-SPOOFER.EXE	123
PID 5056 wrote to memory of 4876	5056	NGRCLUB-SPOOFER.EXE	123
PID 5056 wrote to memory of 4504	5056	NGRCLUB-SPOOFER.EXE	124
PID 5056 wrote to memory of 4504	5056	NGRCLUB-SPOOFER.EXE	124
PID 4876 wrote to memory of 2388	4876	cmd.exe	125
PID 4876 wrote to memory of 2388	4876	cmd.exe	125
PID 4504 wrote to memory of 5032	4504	cmd.exe	126
PID 4504 wrote to memory of 5032	4504	cmd.exe	126
PID 5056 wrote to memory of 3024	5056	NGRCLUB-SPOOFER.EXE	127
PID 5056 wrote to memory of 3024	5056	NGRCLUB-SPOOFER.EXE	127
PID 3024 wrote to memory of 4040	3024	cmd.exe	128
PID 3024 wrote to memory of 4040	3024	cmd.exe	128
PID 5056 wrote to memory of 2320	5056	NGRCLUB-SPOOFER.EXE	129
PID 5056 wrote to memory of 2320	5056	NGRCLUB-SPOOFER.EXE	129

C:\Users\Admin\AppData\Local\Temp\ngrclub-protected.exe
"C:\Users\Admin\AppData\Local\Temp\ngrclub-protected.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\CLEANER.EXE
  "C:\Users\Admin\AppData\Local\Temp\CLEANER.EXE"
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Users\Admin\AppData\Local\Temp\NGRCLUB-SPOOFER.EXE
  "C:\Users\Admin\AppData\Local\Temp\NGRCLUB-SPOOFER.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:5056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c color d
    3⤵
    PID:2984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3928
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2156
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3856
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:632
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Ida64.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3596
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im OllyDbg.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4036
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4568
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg64.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4308
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4856
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4876
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:5032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2320
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4920
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3836
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3308
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:4624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4696
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:3140
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3512
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4764
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1396
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1008
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:1280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3692
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:5012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2300
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1200
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Kills process with taskkill
      PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3556
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:4588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:552
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:5108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1056
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:2004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3348
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4224
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1728
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3100
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:2880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3884
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2256
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3104
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4580
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2136
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2472
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1860
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2556
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:644
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1864
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4056
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4624
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
      4⤵
      PID:1392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1276
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4804
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:4740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3140
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4868
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4764
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1252
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1248
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:3524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
    3⤵
    PID:3284
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerProSdk
      4⤵
      Launches sc.exe
      PID:3608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3624
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
    3⤵
    PID:4588
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker3
      4⤵
      PID:3808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
    3⤵
    PID:3120
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker2
      4⤵
      Launches sc.exe
      PID:2968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1676
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
    3⤵
    PID:1056
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker1
      4⤵
      PID:2052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1468
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
    3⤵
    PID:1556
  - - C:\Windows\system32\sc.exe
      sc stop wireshark
      4⤵
      Launches sc.exe
      PID:4012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2952
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:1728
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1884
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:3884
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4936
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:4408
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4580
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1804
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:1528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4244
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2512
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:1172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3956
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:548
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4064
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4380
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:3308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2504
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3504
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3800
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4824
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1396
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:912
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:4428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1248
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3324
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq die*" /IM * /F /T
      4⤵
      Kills process with taskkill
      PID:3792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3680
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:1476
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2004
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
    3⤵
    PID:552
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebugger.exe
      4⤵
      PID:1096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2192
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
    3⤵
    PID:4256
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FolderChangesView.exe
      4⤵
      PID:3276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1900
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
    3⤵
    PID:1784
  - - C:\Windows\system32\sc.exe
      sc stop HttpDebuggerSdk
      4⤵
      Launches sc.exe
      PID:2328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
    3⤵
    PID:4448
  - - C:\Windows\system32\sc.exe
      sc stop npf
      4⤵
      Launches sc.exe
      PID:1948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1800
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:4784
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:3104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2216
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4564
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:5088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2472
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
    3⤵
    PID:5040
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Ida64.exe
      4⤵
      PID:5064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3024
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:4876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
    3⤵
    PID:2320
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im OllyDbg.exe
      4⤵
      PID:5044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1140
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4084
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg64.exe
      4⤵
      PID:2240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5092
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
    3⤵
    PID:4708
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4124
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1616
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:3264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1032
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4824
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:432
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:872
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3592
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:3608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4440
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:3324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3792
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:4348
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:1476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2968
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4508
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3020
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3856
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:3784
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:3656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:212
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2952
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2256
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:4936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1800
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4180
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2216
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4856
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4544
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1536
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:4104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2320
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2240
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:4380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4084
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4200
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:1956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3800
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2536
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      Kills process with taskkill
      PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2984
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1248
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2992
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3324
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3792
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:4228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3348
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
      4⤵
      PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4588
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2928
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3656
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:244
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4832
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1840
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:2952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2136
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
    3⤵
    PID:3292
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerProSdk
      4⤵
      PID:1400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
    3⤵
    PID:2500
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker3
      4⤵
      PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:5032
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Kills process with taskkill
      PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
    3⤵
    PID:2508
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker2
      4⤵
      Launches sc.exe
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5040
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
    3⤵
    PID:1876
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker1
      4⤵
      Launches sc.exe
      PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
    3⤵
    PID:540
  - - C:\Windows\system32\sc.exe
      sc stop wireshark
      4⤵
      Launches sc.exe
      PID:548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4244
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:4788
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:1536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4896
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4624
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4928
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1616
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4804
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4712
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2984
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4904
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:1596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3592
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3340
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:2324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:400
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2392
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:2664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:232
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4588
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3108
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:2904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:112
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1900
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1728
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4832
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:1892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1952
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4936
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq die*" /IM * /F /T
      4⤵
      PID:3844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4180
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4628
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4636
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
    3⤵
    PID:4556
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebugger.exe
      4⤵
      PID:548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1192
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
    3⤵
    PID:4104
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FolderChangesView.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1788
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
    3⤵
    PID:4296
  - - C:\Windows\system32\sc.exe
      sc stop HttpDebuggerSdk
      4⤵
      Launches sc.exe
      PID:4864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
    3⤵
    PID:824
  - - C:\Windows\system32\sc.exe
      sc stop npf
      4⤵
      PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4200
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:2584
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:4484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1616
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4868
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:5116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:532
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
    3⤵
    PID:1248
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Ida64.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3644
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5016
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im OllyDbg.exe
      4⤵
      PID:3928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
    3⤵
    PID:3696
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg64.exe
      4⤵
      Kills process with taskkill
      PID:3680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1132
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5108
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg32.exe
      4⤵
      PID:3852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2192
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:3784
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1096
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3100
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:2776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:728
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1840
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:1800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2952
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:5088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4564
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2136
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:1172
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2956
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4272
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1140
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1992
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3180
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Kills process with taskkill
      PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2320
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:2240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4296
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2868
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:4624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4200
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2312
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:3264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1616
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1292
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:1252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:532
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1596
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1836
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3928
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3348
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Kills process with taskkill
      PID:1476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3340
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3852
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:2664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2600
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2564
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3108
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
      4⤵
      PID:3488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4308
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4784
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:1892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4524
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:5088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4728
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
      4⤵
      PID:992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2556
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2136
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:516
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Kills process with taskkill
      PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3796
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:4272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4856
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:4040
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:2116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3520
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:5068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
    3⤵
    PID:3980
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerProSdk
      4⤵
      Launches sc.exe
      PID:4084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2920
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
    3⤵
    PID:4044
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker3
      4⤵
      Launches sc.exe
      PID:3504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
    3⤵
    PID:4624
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker2
      4⤵
      PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2868
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
    3⤵
    PID:388
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker1
      4⤵
      PID:4484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2984
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
    3⤵
    PID:1452
  - - C:\Windows\system32\sc.exe
      sc stop wireshark
      4⤵
      Launches sc.exe
      PID:1252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2536
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:3120
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:2096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:872
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:1596
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:3592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:5012
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:3632
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4508
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3272
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2880
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:1884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1780
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:244
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1784
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1800
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1468
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3172
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:1240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1952
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1804
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:2956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1000
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5092
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4272
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2116
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4268
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq die*" /IM * /F /T
      4⤵
      PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4896
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4708
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3056
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
    3⤵
    PID:3396
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebugger.exe
      4⤵
      PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3264
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
    3⤵
    PID:4692
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FolderChangesView.exe
      4⤵
      PID:5116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1452
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
    3⤵
    PID:3524
  - - C:\Windows\system32\sc.exe
      sc stop HttpDebuggerSdk
      4⤵
      PID:1292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2608
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
    3⤵
    PID:1248
  - - C:\Windows\system32\sc.exe
      sc stop npf
      4⤵
      PID:2772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:2300
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2928
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:3276
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:3784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4588
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
    3⤵
    PID:3340
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Ida64.exe
      4⤵
      Kills process with taskkill
      PID:640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4036
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
    3⤵
    PID:2676
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im OllyDbg.exe
      4⤵
      PID:1948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4568
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
    3⤵
    PID:4032
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg64.exe
      4⤵
      PID:728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3292
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
    3⤵
    PID:1840
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg32.exe
      4⤵
      PID:628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1172
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:2388
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1952
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4244
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1804
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1392
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4272
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1992
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:4824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4584
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:824
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2504
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:2312
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2584
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:3264
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:5116
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4304
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:552
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2544
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:220
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1476
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2968
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4448
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:3324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:5020
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3792
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      Kills process with taskkill
      PID:1532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2600
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3488
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:3444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1784
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4524
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3844
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4936
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:2996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3968
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2136
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
      4⤵
      Kills process with taskkill
      PID:2956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4180
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3428
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:1876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4788
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1624
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
      4⤵
      PID:1788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4696
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:912
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:4056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1956
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3628
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4928
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:3188
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:1548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2132
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Kills process with taskkill
      PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
    3⤵
    PID:2492
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerProSdk
      4⤵
      Launches sc.exe
      PID:2312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
    3⤵
    PID:1616
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker3
      4⤵
      PID:804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4712
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
    3⤵
    PID:3284
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker2
      4⤵
      PID:532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2640
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
    3⤵
    PID:2096
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker1
      4⤵
      Launches sc.exe
      PID:4304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
    3⤵
    PID:2324
  - - C:\Windows\system32\sc.exe
      sc stop wireshark
      4⤵
      PID:552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1596
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:1248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:3120
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      Kills process with taskkill
      PID:880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2928
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:632
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:5108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4588
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:3020
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:3272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1728
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:3792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4536
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1400
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:2428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5088
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:628
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1800
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:1240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3104
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4028
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:1952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:5032
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2376
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:3308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5044
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3428
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3836
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4104
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:1992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4296
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4124
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq die*" /IM * /F /T
      4⤵
      PID:2320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4708
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:3396
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1968
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
    3⤵
    PID:2312
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebugger.exe
      4⤵
      PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1356
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
    3⤵
    PID:1416
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FolderChangesView.exe
      4⤵
      PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4924
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
    3⤵
    PID:3592
  - - C:\Windows\system32\sc.exe
      sc stop HttpDebuggerSdk
      4⤵
      Launches sc.exe
      PID:2052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1452
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
    3⤵
    PID:4016
  - - C:\Windows\system32\sc.exe
      sc stop npf
      4⤵
      PID:1200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:1100
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:1248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1132
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:1836
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1476
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:5012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
    3⤵
    PID:4256
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Ida64.exe
      4⤵
      PID:4392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:640
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
    3⤵
    PID:2652
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im OllyDbg.exe
      4⤵
      PID:2676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4400
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
    3⤵
    PID:4536
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg64.exe
      4⤵
      PID:3596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3488
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
    3⤵
    PID:228
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg32.exe
      4⤵
      PID:4408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1468
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1680
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2508
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:2532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3024
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:5040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2956
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3956
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:3308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1876
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4544
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:5068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1140
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:4108
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:2276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1404
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:4268
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:4056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:824
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:4624
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3396
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4836
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2312
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:1356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4804
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3264
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1416
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:3808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:552
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4024
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:4796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2300
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2992
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:2544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1132
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2904
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:1476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4384
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:5020
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:3100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2392
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1532
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:244
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3444
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3488
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
      4⤵
      PID:556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2556
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1824
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2136
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
    3⤵
    PID:5092
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
      4⤵
      PID:2388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5032
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3796
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      Kills process with taskkill
      PID:516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:396
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2848
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:5044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4348
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1140
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
    3⤵
    PID:2320
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerProSdk
      4⤵
      PID:4976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1276
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
    3⤵
    PID:4056
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker3
      4⤵
      Launches sc.exe
      PID:1252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
    3⤵
    PID:4200
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker2
      4⤵
      Launches sc.exe
      PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2024
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
    3⤵
    PID:1544
  - - C:\Windows\system32\sc.exe
      sc stop KProcessHacker1
      4⤵
      PID:2064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3188
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
    3⤵
    PID:1548
  - - C:\Windows\system32\sc.exe
      sc stop wireshark
      4⤵
      PID:3284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:1196
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1860
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:3592
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2096
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:2352
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1556
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3556
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:2300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:5108
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:232
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1988
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3340
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      PID:1780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3696
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2776
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      Kills process with taskkill
      PID:3596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:632
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2260
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:992
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      PID:4504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3440
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1128
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:3844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4880
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2508
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:968
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:5064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4244
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq die*" /IM * /F /T
      4⤵
      PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4040
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:2116
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:3180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5044
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
    3⤵
    PID:912
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebugger.exe
      4⤵
      PID:440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4084
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
    3⤵
    PID:1260
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FolderChangesView.exe
      4⤵
      PID:1404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4764
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
    3⤵
    PID:4720
  - - C:\Windows\system32\sc.exe
      sc stop HttpDebuggerSdk
      4⤵
      PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2492
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
    3⤵
    PID:4624
  - - C:\Windows\system32\sc.exe
      sc stop npf
      4⤵
      Launches sc.exe
      PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:532
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2576
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:2108
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      PID:1616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1196
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
    3⤵
    PID:3524
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Ida64.exe
      4⤵
      PID:3644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2536
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
    3⤵
    PID:2352
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im OllyDbg.exe
      4⤵
      PID:880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4796
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
    3⤵
    PID:4476
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg64.exe
      4⤵
      PID:3276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2928
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
    3⤵
    PID:2904
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im Dbg32.exe
      4⤵
      PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3120
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:3884
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      PID:3696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3656
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:4364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1784
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:4568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:2392
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2564
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:3108
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:5040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:2864
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:320
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
    3⤵
    PID:3024
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerUI.exe
      4⤵
      PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:2556
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:2508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
    3⤵
    PID:2532
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im HTTPDebuggerSvc.exe
      4⤵
      Kills process with taskkill
      PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:3956
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:3980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
    3⤵
    PID:1804
  - - C:\Windows\system32\sc.exe
      sc stop HTTPDebuggerPro
      4⤵
      Launches sc.exe
      PID:396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4876
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4824
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
      4⤵
      PID:1876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4044
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1872
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
      4⤵
      PID:912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1188
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4380
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
      4⤵
      Kills process with taskkill
      PID:4884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4928
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
      4⤵
      PID:1828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:1032
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:4184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:3396
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
      4⤵
      Kills process with taskkill
      PID:532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:5016
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4804
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
      4⤵
      PID:2108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:4868
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:1292
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:3644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:552
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
    3⤵
    PID:220
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      4⤵
      PID:1248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
    3⤵
    PID:4904
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
      4⤵
      PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
    3⤵
    PID:4392
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      4⤵
      PID:5012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
    3⤵
    PID:1132
  - - C:\Windows\system32\taskkill.exe
      taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
      4⤵
      PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CLEANER.EXE

Filesize
48KB

MD5
963fb8ce4a9e37907a7bfe4d439f73b0

SHA1
61e61720769d0ea49b8e364c6d525b59526b9116

SHA256
7eaf13d7fec8e039fb4b6bd20b51601352bed1412c9cf7703faf483e68a196ff

SHA512
95889a520ee3f4a06d2c9c0e039be3d73e1f06260a814126a6637f849335e4fce26561002e88ae7c1f7b7536a3d5319e5e7bae796f6b6b57c8982ca301d6fb65

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGRCLUB-SPOOFER.EXE

Filesize
447KB

MD5
6ff27cb3090c840789c21b669314fc40

SHA1
9c9b159b80c8b367d86d34bf200f1f0c39a66057

SHA256
4464195bf44db8abb66be4a6aa98443c30fb967567d3f227ec5ce67984f8d6a0

SHA512
fe80529d27333249f0935b94dba9472b23db521ebbda10945335a6b0cfd0c1130437a234407a2fd9da1e632c65fb90b8a2da5bb2bd545274ef08abb0538caf45

Download Submit
memory/1452-23-0x0000000000200000-0x0000000000212000-memory.dmp

Filesize
72KB

Download
memory/1452-26-0x00007FF988770000-0x00007FF989231000-memory.dmp

Filesize
10.8MB

Download
memory/1452-28-0x000000001AF20000-0x000000001AF30000-memory.dmp

Filesize
64KB

Download
memory/1452-29-0x00007FF988770000-0x00007FF989231000-memory.dmp

Filesize
10.8MB

Download
memory/2204-0-0x0000000000FD0000-0x0000000001768000-memory.dmp

Filesize
7.6MB

Download
memory/2204-1-0x0000000077514000-0x0000000077516000-memory.dmp

Filesize
8KB

Download
memory/2204-2-0x0000000000FD0000-0x0000000001768000-memory.dmp

Filesize
7.6MB

Download
memory/2204-3-0x0000000000FD0000-0x0000000001768000-memory.dmp

Filesize
7.6MB

Download
memory/2204-4-0x0000000000FD0000-0x0000000001768000-memory.dmp

Filesize
7.6MB

Download
memory/2204-22-0x0000000000FD0000-0x0000000001768000-memory.dmp

Filesize
7.6MB

Download