Analysis Overview
SHA256
f7ffda8d8e1949fa2b1cbba487da7a3f441e72738cae3464fbde37d4ff161ac1
Threat Level: Likely malicious
The file untraceable.rar was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Reads user/profile data of web browsers
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Kills process with taskkill
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 11:14
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 11:14
Reported
2024-06-18 11:15
Platform
win10v2004-20240611-en
Max time kernel
19s
Max time network
21s
Command Line
Signatures
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\untraceable.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\untraceable.rar"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9259B45DD2D9CD3148B1ECC30147FE98 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1740F6B896AC73CA58127C101B74B471 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1740F6B896AC73CA58127C101B74B471 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2C5FCEF82A11EB428211E8F5748DB129 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E6A305811A6D96A5C91A395C1552311B --mojo-platform-channel-handle=1868 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D4D29FB16F94797CD8E2751D96991AC0 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 11:14
Reported
2024-06-18 11:18
Platform
win10v2004-20240508-en
Max time kernel
205s
Max time network
204s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Reads user/profile data of web browsers
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\CBS\CBS.log | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~1.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~2.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~3.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAASME~4.ETL | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Logs\waasmedic\WAACF5~1.ETL | C:\Windows\system32\cmd.exe | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\untraceable.exe
"C:\Users\Admin\AppData\Local\Temp\untraceable.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\SOFTWARE\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCR\com.epicgames.eos" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCR\com.epicgames.eos" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\EpicGames" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\EpicGames" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall reset > nul 2>&1
C:\Windows\system32\netsh.exe
netsh advfirewall reset
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCookies\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\History\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Prefetch\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.etl > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.log > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.tmp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.old > nul 2>&1
C:\Users\Admin\AppData\Local\Temp\untraceable.exe
"C:\Users\Admin\AppData\Local\Temp\untraceable.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\SOFTWARE\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCR\com.epicgames.eos" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCR\com.epicgames.eos" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\EpicGames" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\EpicGames" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall reset > nul 2>&1
C:\Windows\system32\netsh.exe
netsh advfirewall reset
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\Epic Games" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\NVIDIA Corporation" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Roaming\EasyAntiCheat" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\All Users\Epic\EpicGamesLauncher\Data\EMS\current" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\UnrealEngine" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Users\%username%\AppData\Local\UnrealEngineLauncher" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\ProgramData\Epic\EpicOnlineServices" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\ProgramData\Epic\EpicGamesLauncher\Data\EMS\current" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files (x86)\Epic Games\Epic Online Services\service" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\Shared Files" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files (x86)\Common Files\BattlEye" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /S /Q "%systemdrive%\Program Files (x86)\EasyAntiCheat" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c RMDIR /s /Q "%systemdrive%\$Recycle.bin" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c el /q "%systemdrive%\ProgramData\Microsoft\Windows\WER\Temp\" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\ProgramData\Microsoft\Windows\WER\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\Temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\Temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\TEMP\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\TEMP\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Program Files (x86)\Temp\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Program Files (x86)\Temp\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\Logs\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\Logs\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\D3DSCache\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\D3DSCache\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\CrashReportClient\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\CrashReportClient\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Windows\Prefetch\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Windows\Prefetch\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\Recent\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\Recent\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\AMD\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\AMD\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\AMD_Common\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\AMD_Common\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /q "%systemdrive%\Users\%username%\AppData\Local\Microsoft\Feeds\*" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c for /d %x in ("%systemdrive%\Users\%username%\AppData\Local\Microsoft\Feeds\*") do @rd /s /q "%x" > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EpicOnlineServices" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\SOFTWARE\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEService" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\BEDaisy" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\com.epicgames.launcher" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKCR\com.epicgames.eos" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKCR\com.epicgames.eos" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKLM\SOFTWARE\EpicGames" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\EpicGames" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f > nul 2>&1
C:\Windows\system32\reg.exe
reg delete "HKEY_USERS\S-1-5-18\Software\Epic Games" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netsh advfirewall reset > nul 2>&1
C:\Windows\system32\netsh.exe
netsh advfirewall reset
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCookies\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\History\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Users\%username%\AppData\Local\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Windows\Prefetch\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\Temp\ > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.etl > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.log > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.tmp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.old > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.bak > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.bac > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.bup > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.chk > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.dmp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c del /f /s /q %systemdrive%\*.temp > nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicWebHelper.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicWebHelper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe