Analysis Overview
SHA256
f7ffda8d8e1949fa2b1cbba487da7a3f441e72738cae3464fbde37d4ff161ac1
Threat Level: Likely malicious
The file untraceable.rar was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Reads user/profile data of web browsers
Drops file in Windows directory
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 11:14
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 11:14
Reported
2024-06-18 11:15
Platform
win10v2004-20240611-en
Max time kernel
19s
Max time network
21s
Command Line
Signatures
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\untraceable.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\untraceable.rar"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9259B45DD2D9CD3148B1ECC30147FE98 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1740F6B896AC73CA58127C101B74B471 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1740F6B896AC73CA58127C101B74B471 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2C5FCEF82A11EB428211E8F5748DB129 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E6A305811A6D96A5C91A395C1552311B --mojo-platform-channel-handle=1868 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D4D29FB16F94797CD8E2751D96991AC0 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 11:14
Reported
2024-06-18 11:18
Platform
win10v2004-20240508-en
Max time kernel
205s
Max time network
204s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Reads user/profile data of web browsers
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\CBS\CBS.log | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~1.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~2.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~3.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~4.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAACF5~1.ETL | C:\Windows\system32\cmd.exe | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\untraceable.exe
"C:\Users\Admin\AppData\Local\Temp\untraceable.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\SOFTWARE\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCR\com.epicgames.eos" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCR\com.epicgames.eos" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\EpicGames" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\EpicGames" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall reset > nul 2>&1
C:\Windows\system32\netsh.exe
netsh advfirewall reset
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCookies\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\History\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Prefetch\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.etl > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.log > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.tmp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.old > nul 2>&1
C:\Users\Admin\AppData\Local\Temp\untraceable.exe
"C:\Users\Admin\AppData\Local\Temp\untraceable.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\SOFTWARE\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCR\com.epicgames.eos" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCR\com.epicgames.eos" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\EpicGames" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\EpicGames" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall reset > nul 2>&1
C:\Windows\system32\netsh.exe
netsh advfirewall reset
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\Epic Games" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\NVIDIA Corporation" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Roaming\EasyAntiCheat" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\All Users\Epic\EpicGamesLauncher\Data\EMS\current" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\UnrealEngine" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\UnrealEngineLauncher" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\ProgramData\Epic\EpicOnlineServices" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\ProgramData\Epic\EpicGamesLauncher\Data\EMS\current" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files (x86)\Epic Games\Epic Online Services\service" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\Shared Files" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files (x86)\Common Files\BattlEye" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files (x86)\EasyAntiCheat" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /s /Q "%systemdrive%\$Recycle.bin" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c el /q "%systemdrive%\ProgramData\Microsoft\Windows\WER\Temp\" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\ProgramData\Microsoft\Windows\WER\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\Temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\Temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\TEMP\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\TEMP\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Program Files (x86)\Temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Program Files (x86)\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\Logs\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\Logs\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\D3DSCache\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\D3DSCache\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\CrashReportClient\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\CrashReportClient\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\Prefetch\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\Prefetch\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\Recent\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\Recent\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\AMD\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\AMD\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\AMD_Common\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\AMD_Common\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\Microsoft\Feeds\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\Microsoft\Feeds\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\SOFTWARE\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCR\com.epicgames.eos" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCR\com.epicgames.eos" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\EpicGames" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\EpicGames" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall reset > nul 2>&1
C:\Windows\system32\netsh.exe
netsh advfirewall reset
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCookies\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\History\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Prefetch\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.etl > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.log > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.tmp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.old > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.bak > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.bac > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.bup > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.chk > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.dmp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.temp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe