cb8ec46d630371294ea6cd5490151d4883a14daa8f4ff2d3eda135791a944d6a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe
Size

2.3MB
MD5

d0e2857585fb0593c05f3a7414886dc2
SHA1

d9acb5db1b80f5f4545c700c9bb10bb409af02de
SHA256

cb8ec46d630371294ea6cd5490151d4883a14daa8f4ff2d3eda135791a944d6a
SHA512

e78a360a9c985f57742f9be081eb57d63a81d97c9966fde88666a294c9b02f910f455e31b1112ef4a6e7e1a033fcd32a5b42777155dce5ce8f275c581f11fa7b
SSDEEP

49152:0SAQn0kWuqRlh8PnbX1cURX6iFd1bFI8EUjyWl:3AQnQuqzKPD1t6iv1bZEUjyo

Score

7^/10

discovery evasion themida

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2712	MC.EXE
2692	tibia.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Wine	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2328-0-0x0000000000400000-0x000000000090D000-memory.dmp	themida
behavioral1/memory/2328-11-0x0000000000400000-0x000000000090D000-memory.dmp	themida
behavioral1/memory/2328-20-0x0000000000400000-0x000000000090D000-memory.dmp	themida

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\STREEAM.BAT	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe
File created	C:\Windows\MC.EXE	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe
File created	C:\Windows\streeam.bat	MC.EXE
File created	C:\Windows\streeamupd.bat	MC.EXE
File created	C:\Windows\tibia.exe	MC.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Kills process with taskkill 64 IoCs

evasion

pid	Process
2940	taskkill.exe
2436	taskkill.exe
668	taskkill.exe
328	taskkill.exe
2920	taskkill.exe
1724	taskkill.exe
2140	taskkill.exe
2700	taskkill.exe
560	taskkill.exe
2356	taskkill.exe
2072	taskkill.exe
2764	taskkill.exe
2972	taskkill.exe
2244	taskkill.exe
1852	taskkill.exe
2344	taskkill.exe
1264	taskkill.exe
2096	taskkill.exe
1064	Process not Found
880	taskkill.exe
1348	taskkill.exe
1356	taskkill.exe
1648	taskkill.exe
2716	taskkill.exe
1164	Process not Found
1732	taskkill.exe
2608	taskkill.exe
3068	taskkill.exe
2044	taskkill.exe
1200	taskkill.exe
2072	taskkill.exe
2092	taskkill.exe
2992	taskkill.exe
2296	taskkill.exe
2720	taskkill.exe
2888	taskkill.exe
2824	taskkill.exe
1020	taskkill.exe
3008	taskkill.exe
1524	taskkill.exe
2128	taskkill.exe
2624	taskkill.exe
2292	taskkill.exe
1372	taskkill.exe
2140	taskkill.exe
1092	taskkill.exe
1996	taskkill.exe
2644	taskkill.exe
1932	Process not Found
3000	taskkill.exe
2296	taskkill.exe
1624	taskkill.exe
1552	taskkill.exe
2116	taskkill.exe
2820	taskkill.exe
888	taskkill.exe
964	taskkill.exe
2212	taskkill.exe
2064	taskkill.exe
2572	taskkill.exe
768	taskkill.exe
748	taskkill.exe
1584	Process not Found
2696	Process not Found

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
2616	reg.exe
2580	reg.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2628	taskkill.exe
Token: SeDebugPrivilege	536	taskkill.exe
Token: SeDebugPrivilege	964	taskkill.exe
Token: SeDebugPrivilege	1664	taskkill.exe
Token: SeDebugPrivilege	1204	taskkill.exe
Token: SeDebugPrivilege	2456	taskkill.exe
Token: SeDebugPrivilege	880	taskkill.exe
Token: SeDebugPrivilege	2008	taskkill.exe
Token: SeDebugPrivilege	328	taskkill.exe
Token: SeDebugPrivilege	796	taskkill.exe
Token: SeDebugPrivilege	1120	taskkill.exe
Token: SeDebugPrivilege	1636	taskkill.exe
Token: SeDebugPrivilege	2156	taskkill.exe
Token: SeDebugPrivilege	2956	taskkill.exe
Token: SeDebugPrivilege	2136	taskkill.exe
Token: SeDebugPrivilege	1128	taskkill.exe
Token: SeDebugPrivilege	2432	taskkill.exe
Token: SeDebugPrivilege	1308	taskkill.exe
Token: SeDebugPrivilege	928	taskkill.exe
Token: SeDebugPrivilege	1680	taskkill.exe
Token: SeDebugPrivilege	1200	taskkill.exe
Token: SeDebugPrivilege	1528	taskkill.exe
Token: SeDebugPrivilege	2180	taskkill.exe
Token: SeDebugPrivilege	2344	taskkill.exe
Token: SeDebugPrivilege	1696	taskkill.exe
Token: SeDebugPrivilege	2448	taskkill.exe
Token: SeDebugPrivilege	560	taskkill.exe
Token: SeDebugPrivilege	2100	taskkill.exe
Token: SeDebugPrivilege	1060	taskkill.exe
Token: SeDebugPrivilege	2268	taskkill.exe
Token: SeDebugPrivilege	1552	taskkill.exe
Token: SeDebugPrivilege	1784	taskkill.exe
Token: SeDebugPrivilege	1056	taskkill.exe
Token: SeDebugPrivilege	1584	taskkill.exe
Token: SeDebugPrivilege	1588	taskkill.exe
Token: SeDebugPrivilege	2748	taskkill.exe
Token: SeDebugPrivilege	2760	taskkill.exe
Token: SeDebugPrivilege	1152	taskkill.exe
Token: SeDebugPrivilege	2976	taskkill.exe
Token: SeDebugPrivilege	3036	taskkill.exe
Token: SeDebugPrivilege	2916	taskkill.exe
Token: SeDebugPrivilege	2720	taskkill.exe
Token: SeDebugPrivilege	1908	taskkill.exe
Token: SeDebugPrivilege	2780	taskkill.exe
Token: SeDebugPrivilege	2552	taskkill.exe
Token: SeDebugPrivilege	2596	taskkill.exe
Token: SeDebugPrivilege	2360	taskkill.exe
Token: SeDebugPrivilege	1516	taskkill.exe
Token: SeDebugPrivilege	2364	taskkill.exe
Token: SeDebugPrivilege	964	taskkill.exe
Token: SeDebugPrivilege	1440	taskkill.exe
Token: SeDebugPrivilege	1092	taskkill.exe
Token: SeDebugPrivilege	1468	taskkill.exe
Token: SeDebugPrivilege	1148	taskkill.exe
Token: SeDebugPrivilege	880	taskkill.exe
Token: SeDebugPrivilege	328	taskkill.exe
Token: SeDebugPrivilege	1896	taskkill.exe
Token: SeDebugPrivilege	1120	taskkill.exe
Token: SeDebugPrivilege	2164	taskkill.exe
Token: SeDebugPrivilege	2384	taskkill.exe
Token: SeDebugPrivilege	2880	taskkill.exe
Token: SeDebugPrivilege	2136	taskkill.exe
Token: SeDebugPrivilege	1264	taskkill.exe
Token: SeDebugPrivilege	2872	taskkill.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2692	tibia.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2804	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	31
PID 2328 wrote to memory of 2804	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	31
PID 2328 wrote to memory of 2804	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	31
PID 2328 wrote to memory of 2804	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	31
PID 2328 wrote to memory of 2712	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	32
PID 2328 wrote to memory of 2712	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	32
PID 2328 wrote to memory of 2712	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	32
PID 2328 wrote to memory of 2712	2328	d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe	32
PID 2712 wrote to memory of 2740	2712	MC.EXE	34
PID 2712 wrote to memory of 2740	2712	MC.EXE	34
PID 2712 wrote to memory of 2740	2712	MC.EXE	34
PID 2712 wrote to memory of 2740	2712	MC.EXE	34
PID 2712 wrote to memory of 2692	2712	MC.EXE	35
PID 2712 wrote to memory of 2692	2712	MC.EXE	35
PID 2712 wrote to memory of 2692	2712	MC.EXE	35
PID 2712 wrote to memory of 2692	2712	MC.EXE	35
PID 2740 wrote to memory of 2560	2740	cmd.exe	37
PID 2740 wrote to memory of 2560	2740	cmd.exe	37
PID 2740 wrote to memory of 2560	2740	cmd.exe	37
PID 2740 wrote to memory of 2560	2740	cmd.exe	37
PID 2804 wrote to memory of 2568	2804	cmd.exe	38
PID 2804 wrote to memory of 2568	2804	cmd.exe	38
PID 2804 wrote to memory of 2568	2804	cmd.exe	38
PID 2804 wrote to memory of 2568	2804	cmd.exe	38
PID 2804 wrote to memory of 2580	2804	cmd.exe	39
PID 2804 wrote to memory of 2580	2804	cmd.exe	39
PID 2804 wrote to memory of 2580	2804	cmd.exe	39
PID 2804 wrote to memory of 2580	2804	cmd.exe	39
PID 2740 wrote to memory of 2616	2740	cmd.exe	40
PID 2740 wrote to memory of 2616	2740	cmd.exe	40
PID 2740 wrote to memory of 2616	2740	cmd.exe	40
PID 2740 wrote to memory of 2616	2740	cmd.exe	40
PID 2740 wrote to memory of 2628	2740	cmd.exe	41
PID 2740 wrote to memory of 2628	2740	cmd.exe	41
PID 2740 wrote to memory of 2628	2740	cmd.exe	41
PID 2740 wrote to memory of 2628	2740	cmd.exe	41
PID 2804 wrote to memory of 536	2804	cmd.exe	42
PID 2804 wrote to memory of 536	2804	cmd.exe	42
PID 2804 wrote to memory of 536	2804	cmd.exe	42
PID 2804 wrote to memory of 536	2804	cmd.exe	42
PID 2740 wrote to memory of 964	2740	cmd.exe	44
PID 2740 wrote to memory of 964	2740	cmd.exe	44
PID 2740 wrote to memory of 964	2740	cmd.exe	44
PID 2740 wrote to memory of 964	2740	cmd.exe	44
PID 2804 wrote to memory of 1664	2804	cmd.exe	45
PID 2804 wrote to memory of 1664	2804	cmd.exe	45
PID 2804 wrote to memory of 1664	2804	cmd.exe	45
PID 2804 wrote to memory of 1664	2804	cmd.exe	45
PID 2740 wrote to memory of 1204	2740	cmd.exe	46
PID 2740 wrote to memory of 1204	2740	cmd.exe	46
PID 2740 wrote to memory of 1204	2740	cmd.exe	46
PID 2740 wrote to memory of 1204	2740	cmd.exe	46
PID 2804 wrote to memory of 2456	2804	cmd.exe	47
PID 2804 wrote to memory of 2456	2804	cmd.exe	47
PID 2804 wrote to memory of 2456	2804	cmd.exe	47
PID 2804 wrote to memory of 2456	2804	cmd.exe	47
PID 2740 wrote to memory of 880	2740	cmd.exe	48
PID 2804 wrote to memory of 2008	2804	cmd.exe	49
PID 2804 wrote to memory of 2008	2804	cmd.exe	49
PID 2740 wrote to memory of 880	2740	cmd.exe	48
PID 2804 wrote to memory of 2008	2804	cmd.exe	49
PID 2740 wrote to memory of 880	2740	cmd.exe	48
PID 2804 wrote to memory of 2008	2804	cmd.exe	49
PID 2740 wrote to memory of 880	2740	cmd.exe	48

C:\Users\Admin\AppData\Local\Temp\d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d0e2857585fb0593c05f3a7414886dc2_JaffaCakes118.exe"
1⤵
- Identifies Wine through registry keys
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Windows\STREEAM.BAT" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Windows\SysWOW64\reg.exe
    REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v kill /f
    3⤵
    PID:2568
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v kill /t REG_SZ /d c:\windows\AV KILL Final Version By Quake.BAT /f
    3⤵
    - Modifies registry key
    PID:2580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32kui.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:536
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32krn.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2456
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kav.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavmm.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avp.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1636
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgemc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2956
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgcc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1128
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgamsvr.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgupsvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgw.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashwebsv.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashdisp.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashmaisv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashserv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashwebsv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im aswupdsv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1584
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ewidoctrl.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2748
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guard.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1152
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gcasdtserv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msmpeng.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1908
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcafee.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghml.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2360
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msiexec.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im outpost.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1440
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im isafe.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1468
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im minilog.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zonealarm.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zlclient.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2164
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im updclient.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2384
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccapp.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navw32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton.exe
    3⤵
    PID:1848
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navapsvc.exe
    3⤵
    PID:2036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccsetmgr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cccproxy.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccapp.exe
    3⤵
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccevtmgr.exe
    3⤵
    PID:860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfmntor.exe
    3⤵
    - Kills process with taskkill
    PID:2920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im logexprt.exe
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisum.exe
    3⤵
    PID:2440
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im issvc.exe
    3⤵
    PID:2760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpdclnt.exe
    3⤵
    PID:2644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavprsrv.exe
    3⤵
    - Kills process with taskkill
    PID:2572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavprot.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avengine.exe
    3⤵
    PID:580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apvxdwin.exe
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im webproxy.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avguard.exe
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgnt.exe
    3⤵
    PID:2020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im shed.exe
    3⤵
    PID:796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsched32.exe
    3⤵
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sccomm.exe
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spiderml.exe
    3⤵
    PID:780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sgmain.exe
    3⤵
    - Kills process with taskkill
    PID:1264
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spywareguard.exe
    3⤵
    PID:696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kpf4gui.exe
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kpf4ss.exe
    3⤵
    PID:352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcdash.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcdetect.exe
    3⤵
    PID:2336
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcregwiz.exe
    3⤵
    PID:1000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcinfo.exe
    3⤵
    PID:860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghtml.exe
    3⤵
    PID:2920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im oasclnt.exe
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfagent.exe
    3⤵
    PID:2348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfconsole.exe
    3⤵
    PID:3036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfservice.exe
    3⤵
    PID:2644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpftray.exe
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfwizard.exe
    3⤵
    PID:2628
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mvtx.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avp32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:536
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avpcc.exe
    3⤵
    PID:320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avpm.exe
    3⤵
    PID:1204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ackwin32.exe
    3⤵
    - Kills process with taskkill
    PID:328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im advxdwin.exe
    3⤵
    PID:880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im agentsvr.exe
    3⤵
    - Kills process with taskkill
    PID:2820
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im agv.exe
    3⤵
    PID:1120
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ahnsd.exe
    3⤵
    PID:748
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im alertsvc.exe
    3⤵
    PID:1532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im alogserv.exe
    3⤵
    PID:768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amon.exe
    3⤵
    PID:1712
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amon9x.exe
    3⤵
    PID:2312
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amonavp32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im anti -trojan.exe
    3⤵
    PID:2084
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antivir.exe
    3⤵
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antivirus.exe
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ants.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antssircam.exe
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apimonitor.exe
    3⤵
    PID:3008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im aplica32.exe
    3⤵
    PID:2768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apvxdwin.exe
    3⤵
    PID:2904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atcon.exe
    3⤵
    PID:2916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atguard.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ats.exe
    3⤵
    PID:772
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atscan.exe
    3⤵
    PID:1664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atupdater.exe
    3⤵
    PID:1672
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atwatch.exe
    3⤵
    PID:1016
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autodown.exe
    3⤵
    PID:1796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autotrace.exe
    3⤵
    PID:3068
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autoupdate.exe
    3⤵
    PID:1524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avconsol.exe
    3⤵
    PID:2384
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ave32.exe
    3⤵
    PID:992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgcc32.exe
    3⤵
    PID:1264
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgctrl.exe
    3⤵
    PID:1368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv.exe
    3⤵
    PID:2056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv9.exe
    3⤵
    PID:1756
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv9schedapp.exe
    3⤵
    PID:112
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgw.exe
    3⤵
    PID:2336
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkpop.exe
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkserv.exe
    3⤵
    PID:1452
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkservice.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkwcl9.exe
    3⤵
    PID:2736
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkwctl9.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2876
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avnt.exe
    3⤵
    PID:2904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avp.exe
    3⤵
    PID:2360
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avp32.exe
    3⤵
    PID:2720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpcc.exe
    3⤵
    PID:2092
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im AVPCC Service.exe
    3⤵
    PID:1724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpccavpm.exe
    3⤵
    PID:1684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpdos32.exe
    3⤵
    PID:1676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpexec.exe
    3⤵
    PID:796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpinst.exe
    3⤵
    PID:328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpm.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpmonitor.exe
    3⤵
    PID:944
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avptc.exe
    3⤵
    PID:2856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avptc32.exe
    3⤵
    PID:612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpupd.exe
    3⤵
    PID:1576
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpupdates.exe
    3⤵
    PID:1200
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avrescue.exe
    3⤵
    PID:1852
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsched32.exe
    3⤵
    PID:1360
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsynmgr.exe
    3⤵
    - Kills process with taskkill
    PID:888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwin95.exe
    3⤵
    PID:400
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwinnt.exe
    3⤵
    PID:2756
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwupd32.exe
    3⤵
    PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxgui.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxinit.exe
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxlive.exe
    3⤵
    - Kills process with taskkill
    PID:2624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxmonitor9x.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxmonitornt.exe
    3⤵
    PID:2888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxnews.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxquar.exe
    3⤵
    PID:536
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxsch.exe
    3⤵
    PID:2032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxw.exe
    3⤵
    PID:988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im BACKLOG.exe
    3⤵
    PID:1620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bd_professional.exe
    3⤵
    PID:2140
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bidef.exe
    3⤵
    PID:2880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bidserver.exe
    3⤵
    PID:1524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bipcp.exe
    3⤵
    PID:2512
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bisp.exe
    3⤵
    PID:700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackd.exe
    3⤵
    PID:768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackice.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackiceblackd.exe
    3⤵
    PID:2792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im BootWarn.exe
    3⤵
    PID:2452
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im borg2.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:876
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bs120.exe
    3⤵
    PID:2116
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bullguard.exe
    3⤵
    PID:1492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccApp.exe
    3⤵
    PID:2756
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccevtmgr.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccIMScan.exe
    3⤵
    PID:2348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccPwdSrc.exe
    3⤵
    PID:2572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccpxysvc.exe
    3⤵
    PID:2328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccSetMgr.exe
    3⤵
    PID:2604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cdp.exe
    3⤵
    - Kills process with taskkill
    PID:2296
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfiadmin.exe
    3⤵
    PID:1992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfiaudit.exe
    3⤵
    PID:536
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfinet.exe
    3⤵
    - Kills process with taskkill
    PID:1624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfinet32.exe
    3⤵
    PID:988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im claw95.exe
    3⤵
    PID:2356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im claw95cf.exe
    3⤵
    PID:1316
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im clean.exe
    3⤵
    PID:2104
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleaner.exe
    3⤵
    PID:896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleaner3.exe
    3⤵
    PID:2512
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleanpc.exe
    3⤵
    PID:604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cmgrdian.exe
    3⤵
    PID:1704
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cmon016.exe
    3⤵
    PID:2100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im codered.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2188
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im connectionmonitor.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im conseal.exe
    3⤵
    PID:2336
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpd.exe
    3⤵
    PID:2684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpf9x206.exe
    3⤵
    PID:2752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ctrl.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defalert.exe
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defence.exe
    3⤵
    PID:2912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defense.exe
    3⤵
    PID:2560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defscangui.exe
    3⤵
    PID:2812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defwatch.exe
    3⤵
    PID:2628
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im deputy.exe
    3⤵
    PID:2332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im doors.exe
    3⤵
    PID:1724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dpf.exe
    3⤵
    PID:2364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im drwatson.exe
    3⤵
    PID:964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im drweb32.exe
    3⤵
    PID:1972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dvp95.exe
    3⤵
    PID:2292
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dvp95_0.exe
    3⤵
    PID:1208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ecengine.exe
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im edisk.exe
    3⤵
    PID:1528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im efpeadm.exe
    3⤵
    PID:1576
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im esafe.exe
    3⤵
    PID:696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanh95.exe
    3⤵
    PID:1372
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanhnt.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanv95.exe
    3⤵
    PID:804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im espwatch.exe
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im etrustcipe.exe
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im evpn.exe
    3⤵
    PID:2684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im exantivirus -cnet.exe
    3⤵
    PID:2216
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fameh32.exe
    3⤵
    PID:2408
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fast.exe
    3⤵
    PID:2340
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fch32.exe
    3⤵
    PID:2564
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fih32.exe
    3⤵
    PID:2328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im findviru.exe
    3⤵
    PID:2604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im firewall.exe
    3⤵
    PID:2716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fix-it.exe
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im flowprotector.exe
    3⤵
    PID:1660
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fnrb32.exe
    3⤵
    PID:2008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fp -win.exe
    3⤵
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fp -win_trial.exe
    3⤵
    PID:2648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fprot.exe
    3⤵
    PID:1936
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im frw.exe
    3⤵
    PID:2248
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsaa.exe
    3⤵
    PID:1208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsav32.exe
    3⤵
    PID:2652
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsav95.exe
    3⤵
    PID:2124
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsave32.exe
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsgk32.exe
    3⤵
    PID:2088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsm32.exe
    3⤵
    PID:560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsma32.exe
    3⤵
    PID:1552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsmb32.exe
    3⤵
    PID:1944
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fwenc.exe
    3⤵
    PID:2116
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gbmenu.exe
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gbpoll.exe
    3⤵
    PID:2748
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gedit.exe
    3⤵
    PID:2440
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im generics.exe
    3⤵
    PID:1908
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im grief3878.exe
    3⤵
    - Kills process with taskkill
    PID:1648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guard.exe
    3⤵
    PID:2360
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guarddog.exe
    3⤵
    PID:2624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im HackerEliminator.exe
    3⤵
    - Kills process with taskkill
    PID:2888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamapp.exe
    3⤵
    PID:2700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamserv.exe
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamstats.exe
    3⤵
    PID:536
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ibmasn.exe
    3⤵
    PID:1708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ibmavsp.exe
    3⤵
    PID:2648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icload95.exe
    3⤵
    - Kills process with taskkill
    PID:2356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icloadnt.exe
    3⤵
    PID:1848
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icmon.exe
    3⤵
    PID:1208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icsupp95.exe
    3⤵
    PID:2028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icsuppnt.exe
    3⤵
    PID:1308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iface.exe
    3⤵
    - Kills process with taskkill
    PID:768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ifw2000.exe
    3⤵
    PID:1872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im inoculateit.exe
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iomon98.exe
    3⤵
    PID:340
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iparmor.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iris.exe
    3⤵
    PID:1452
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im isrv95.exe
    3⤵
    PID:1584
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im jammer.exe
    3⤵
    PID:2656
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im jedi.exe
    3⤵
    PID:2924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavpf.exe
    3⤵
    PID:2348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldnetmon.exe
    3⤵
    PID:2416
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldpromenu.exe
    3⤵
    - Kills process with taskkill
    PID:3000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldscan.exe
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im localnet.exe
    3⤵
    PID:2700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lockdown.exe
    3⤵
    PID:1624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lookout.exe
    3⤵
    PID:1468
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im luall.exe
    3⤵
    PID:1708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lucomserver.exe
    3⤵
    PID:1796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im luspt.exe
    3⤵
    - Kills process with taskkill
    PID:2292
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcafee.exe
    3⤵
    PID:1848
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcagent.exe
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcmnhdlr.exe
    3⤵
    PID:1532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcshield.exe
    3⤵
    PID:992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcshieldvvstat.exe
    3⤵
    - Kills process with taskkill
    PID:2940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mctool.exe
    3⤵
    - Kills process with taskkill
    PID:1372
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcupdate.exe
    3⤵
    PID:1360
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcvsrte.exe
    3⤵
    - Kills process with taskkill
    PID:2072
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcvsshld.exe
    3⤵
    PID:2708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgavrtcl.exe
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgavrte.exe
    3⤵
    PID:2556
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghtml.exe
    3⤵
    PID:2976
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgui.exe
    3⤵
    PID:2828
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im minilog.exe
    3⤵
    PID:2560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mon.exe
    3⤵
    - Kills process with taskkill
    PID:2824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monitor.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monsys32.exe
    3⤵
    PID:580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monsysnt.exe
    3⤵
    PID:2296
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im moolive.exe
    3⤵
    PID:320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfservice.exe
    3⤵
    PID:1920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpftray.exe
    3⤵
    PID:1912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mrflux.exe
    3⤵
    - Kills process with taskkill
    PID:2140
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msinfo32.exe
    3⤵
    PID:2880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mwatch.exe
    3⤵
    PID:2356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mxtask.exe
    3⤵
    PID:2384
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im n32scanw.exe
    3⤵
    PID:2856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nav.exe
    3⤵
    PID:2432
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im NAV DefAlert.exe
    3⤵
    PID:2056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nav32.exe
    3⤵
    PID:2448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navalert.exe
    3⤵
    PID:2792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navap.exe
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navapsvc.exe
    3⤵
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im NAVAPW32.exe
    3⤵
    PID:2708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navauto -protect.exe
    3⤵
    PID:2244
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navdx.exe
    3⤵
    PID:2784
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navengnavex15.exe
    3⤵
    PID:2264
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navlu32.exe
    3⤵
    PID:2580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navnt.exe
    3⤵
    PID:2800
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navrunr.exe
    3⤵
    PID:2996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navstub.exe
    3⤵
    PID:2812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navw32.exe
    3⤵
    PID:2092
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Navwnt.exe
    3⤵
    PID:2364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nc2000.exe
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ndd32.exe
    3⤵
    PID:1620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im neomonitor.exe
    3⤵
    PID:2956
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im neowatchlog.exe
    3⤵
    - Kills process with taskkill
    PID:2436
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im net2000.exe
    3⤵
    - Kills process with taskkill
    PID:3068
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netarmor.exe
    3⤵
    PID:408
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netcommando.exe
    3⤵
    - Kills process with taskkill
    PID:748
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netinfo.exe
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netmon.exe
    3⤵
    PID:1308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netpro.exe
    3⤵
    PID:768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netprotect.exe
    3⤵
    PID:2088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netscanpro.exe
    3⤵
    - Kills process with taskkill
    PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netspyhunter -1.2.exe
    3⤵
    PID:2452
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netstat.exe
    3⤵
    PID:860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netutils.exe
    3⤵
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netutils].exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2116
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nimda.exe
    3⤵
    PID:2664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisserv.exe
    3⤵
    PID:2976
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisum.exe
    3⤵
    - Kills process with taskkill
    PID:2972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisumnisservnisum.exe
    3⤵
    PID:2644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nmain.exe
    3⤵
    PID:2916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32.exe
    3⤵
    PID:3000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman.exe
    3⤵
    PID:2600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman_32.exe
    3⤵
    PID:588
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman_av.exe
    3⤵
    PID:1196
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman32.exe
    3⤵
    PID:1344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im normanav.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im normist.exe
    3⤵
    PID:988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Norton Auto-Protect.exe
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton_av.exe
    3⤵
    PID:328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nortonav.exe
    3⤵
    PID:1532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im notstart.exe
    3⤵
    PID:1540
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfmessenger.exe
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfw.exe
    3⤵
    PID:2128
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfw32.exe
    3⤵
    PID:1780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nprotect.exe
    3⤵
    PID:2084
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npscheck.exe
    3⤵
    PID:1552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npssvc.exe
    3⤵
    PID:2752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nresq32.exe
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nsched32.exe
    3⤵
    - Kills process with taskkill
    PID:3008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nschednt.exe
    3⤵
    PID:2924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nsplugin.exe
    3⤵
    PID:2552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntrtscan.exe
    3⤵
    PID:2876
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntvdm.exe
    3⤵
    PID:2560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntxconfig.exe
    3⤵
    PID:632
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nui.exe
    3⤵
    PID:1996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nupgrade.exe
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvarch16.exe
    3⤵
    PID:2860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvc95.exe
    3⤵
    PID:2184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvsvc32.exe
    3⤵
    PID:2456
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nwservice.exe
    3⤵
    PID:828
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nwtool16.exe
    3⤵
    PID:2848
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im offguard.exe
    3⤵
    PID:2864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im OPScan.exe
    3⤵
    PID:780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ostronet.exe
    3⤵
    PID:896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im outpost.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1540
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im padmin.exe
    3⤵
    PID:2100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im panda.exe
    3⤵
    PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pandaav.exe
    3⤵
    PID:2080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im panixk.exe
    3⤵
    PID:2204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pav.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavcl.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:2116
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavproxy.exe
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavsched.exe
    3⤵
    PID:2928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavw.exe
    3⤵
    PID:2980
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pc -cillan.exe
    3⤵
    PID:2428
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pc -cillin.exe
    3⤵
    PID:2912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccclient.exe
    3⤵
    PID:1464
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccguide.exe
    3⤵
    PID:2328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcciomon.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccntmon.exe
    3⤵
    PID:1724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccwin97.exe
    3⤵
    PID:1148
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccwin98.exe
    3⤵
    PID:1620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcfwallicon.exe
    3⤵
    PID:2844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcscan.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im periscope.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im persfw.exe
    3⤵
    PID:1696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pf2.exe
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pfwadmin.exe
    3⤵
    PID:668
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pingscan.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im platin.exe
    3⤵
    PID:1368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pop3trap.exe
    3⤵
    PID:1716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im poproxy.exe
    3⤵
    PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im portdetective.exe
    3⤵
    PID:860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im portmonitor.exe
    3⤵
    - Kills process with taskkill
    PID:2244
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ppinupdt.exe
    3⤵
    PID:2696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pptbc.exe
    3⤵
    PID:2664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ppvstop.exe
    3⤵
    PID:2592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im processmonitor.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im procexplorerv10#.exe
    3⤵
    PID:3032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im programauditor.exe
    3⤵
    PID:2840
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im proport.exe
    3⤵
    PID:2824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im protectx.exe
    3⤵
    PID:1440
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pspf.exe
    3⤵
    PID:1968
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im purge.exe
    3⤵
    PID:320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pview95.exe
    3⤵
    PID:2184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pw32.exe
    3⤵
    PID:1560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im qconsole.exe
    3⤵
    PID:2844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav7.exe
    3⤵
    PID:928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav7win.exe
    3⤵
    PID:1128
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im realmon.exe
    3⤵
    PID:1200
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im regrun2.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rescue.exe
    3⤵
    PID:2088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rrguard.exe
    3⤵
    PID:1728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rshell.exe
    3⤵
    PID:1360
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rtvscn95.exe
    3⤵
    PID:1324
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rulaunch.exe
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im safeweb.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SAVscan.exe
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sbserv.exe
    3⤵
    PID:2976
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SBservice.exe
    3⤵
    PID:1364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan.exe
    3⤵
    PID:2368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan32.exe
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan95.exe
    3⤵
    PID:1992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scanpm.exe
    3⤵
    - Kills process with taskkill
    PID:2296
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scrscan.exe
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sd.exe
    3⤵
    PID:2120
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SENS.exe
    3⤵
    PID:2956
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im serv95.exe
    3⤵
    PID:1560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sfc.exe
    3⤵
    PID:1208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sh.exe
    3⤵
    PID:408
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sharedaccess.exe
    3⤵
    PID:1524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im shn.exe
    3⤵
    PID:1528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im smc.exe
    3⤵
    PID:1720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sofi.exe
    3⤵
    PID:2124
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophos.exe
    3⤵
    PID:2692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophos_av.exe
    3⤵
    PID:2792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophosav.exe
    3⤵
    PID:1872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spf.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sphinx.exe
    3⤵
    PID:2712
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spy.exe
    3⤵
    PID:2828
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spygate.exe
    3⤵
    PID:2116
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spyx.exe
    3⤵
    PID:2576
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spyxx.exe
    3⤵
    PID:2800
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im srwatch.exe
    3⤵
    PID:1364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ss3edit.exe
    3⤵
    PID:2368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im st2.exe
    3⤵
    - Kills process with taskkill
    PID:1996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supftrl.exe
    3⤵
    PID:1204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supp95.exe
    3⤵
    - Kills process with taskkill
    PID:2044
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supporter5.exe
    3⤵
    PID:1148
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweep95.exe
    3⤵
    PID:1624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepnet.exe
    3⤵
    PID:2956
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepsrv.sys.exe
    3⤵
    PID:2248
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepsrv.sysvshwin32.exe
    3⤵
    PID:2648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im swnetsup.exe
    3⤵
    PID:2036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symantec.exe
    3⤵
    - Kills process with taskkill
    PID:1524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Symantec Core LC.exe
    3⤵
    PID:1528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symlcsvc.exe
    3⤵
    PID:1264
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symproxysvc.exe
    3⤵
    - Kills process with taskkill
    PID:668
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symtray.exe
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sysedit.exe
    3⤵
    PID:1728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmon.exe
    3⤵
    PID:400
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taumon.exe
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tauscan.exe
    3⤵
    PID:1776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tbscan.exe
    3⤵
    PID:3024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tcm.exe
    3⤵
    PID:2768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tctca.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds -3.exe
    3⤵
    - Kills process with taskkill
    PID:2644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds2 -98.exe
    3⤵
    PID:2816
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds2 -nt.exe
    3⤵
    PID:2568
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tfak.exe
    3⤵
    PID:2788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tfak5.exe
    3⤵
    PID:1664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tgbob.exe
    3⤵
    PID:2328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trendmicro.exe
    3⤵
    PID:332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trjscan.exe
    3⤵
    PID:1340
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trojantrap3.exe
    3⤵
    PID:1724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im TrueVector.exe
    3⤵
    PID:2860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im undoboot.exe
    3⤵
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im update.exe
    3⤵
    PID:2356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbcmserv.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbcons.exe
    3⤵
    PID:2864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbust.exe
    3⤵
    PID:2056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbwin9x.exe
    3⤵
    PID:1264
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbwinntw.exe
    3⤵
    PID:1756
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vccmserv.exe
    3⤵
    PID:2904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vcontrol.exe
    3⤵
    PID:1184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vet32.exe
    3⤵
    PID:2080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vet95.exe
    3⤵
    PID:1552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vettray.exe
    3⤵
    PID:2920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vir -help.exe
    3⤵
    PID:1784
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im virus.exe
    3⤵
    PID:3024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im virusmdpersonalfirewall.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vnlan300.exe
    3⤵
    PID:2576
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vnpc3000.exe
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vpc32.exe
    3⤵
    PID:1464
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vpfw30s.exe
    3⤵
    PID:1648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vptray.exe
    3⤵
    PID:2720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vscan40.exe
    3⤵
    PID:2328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsched.exe
    3⤵
    PID:1092
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsecomr.exe
    3⤵
    PID:1016
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vshwin32.exe
    3⤵
    PID:2880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vshwin32vbcmserv.exe
    3⤵
    PID:1708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsmain.exe
    3⤵
    PID:2620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsmon.exe
    3⤵
    PID:780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsstat.exe
    3⤵
    PID:2856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vswin9xe.exe
    3⤵
    PID:1308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vswinntse.exe
    3⤵
    PID:2432
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im w9x.exe
    3⤵
    PID:684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im watchdog.exe
    3⤵
    PID:1000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im webscanx.exe
    3⤵
    PID:2556
- C:\Windows\MC.EXE
  "C:\Windows\MC.EXE"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Windows\streeamupd.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Windows\SysWOW64\reg.exe
      REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v kill /f
      4⤵
      PID:2560
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v kill /t REG_SZ /d c:\windows\AV KILL Final Version By Quake.BAT /f
      4⤵
      Modifies registry key
      PID:2616
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32kui.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32krn.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1204
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kav.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:880
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavmm.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:328
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgemc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2156
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgamsvr.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgupsvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2180
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashdisp.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashmaisv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2448
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashserv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aswupdsv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ewidoctrl.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1588
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2760
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gcasdtserv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2976
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msmpeng.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghml.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msiexec.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2596
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isafe.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zonealarm.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlclient.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:328
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im updclient.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2880
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      PID:1576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:604
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccsetmgr.exe
      4⤵
      PID:1088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cccproxy.exe
      4⤵
      PID:684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      PID:2128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      Kills process with taskkill
      PID:560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmntor.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im logexprt.exe
      4⤵
      PID:1776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      PID:1788
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im issvc.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpdclnt.exe
      4⤵
      PID:2972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprsrv.exe
      4⤵
      PID:2980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprot.exe
      4⤵
      PID:2916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avengine.exe
      4⤵
      PID:2416
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      PID:2780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webproxy.exe
      4⤵
      PID:536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avguard.exe
      4⤵
      PID:2840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgnt.exe
      4⤵
      PID:1204
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im shed.exe
      4⤵
      PID:1016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      Kills process with taskkill
      PID:880
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sccomm.exe
      4⤵
      PID:908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spiderml.exe
      4⤵
      PID:2848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sgmain.exe
      4⤵
      PID:2384
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spywareguard.exe
      4⤵
      PID:1308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4gui.exe
      4⤵
      PID:1576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4ss.exe
      4⤵
      PID:604
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdash.exe
      4⤵
      PID:1088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdetect.exe
      4⤵
      PID:2096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcregwiz.exe
      4⤵
      PID:2344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcinfo.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:340
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      PID:1056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im oasclnt.exe
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfagent.exe
      4⤵
      PID:2556
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfconsole.exe
      4⤵
      PID:1588
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:2992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:2800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfwizard.exe
      4⤵
      PID:2812
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mvtx.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avp32.exe
      4⤵
      PID:1464
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpcc.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1724
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpm.exe
      4⤵
      PID:2840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ackwin32.exe
      4⤵
      PID:1676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im advxdwin.exe
      4⤵
      PID:2020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agentsvr.exe
      4⤵
      PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agv.exe
      4⤵
      PID:1208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ahnsd.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alertsvc.exe
      4⤵
      PID:992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alogserv.exe
      4⤵
      PID:1264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon.exe
      4⤵
      PID:1200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon9x.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amonavp32.exe
      4⤵
      PID:1716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im anti -trojan.exe
      4⤵
      PID:560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivir.exe
      4⤵
      PID:2336
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivirus.exe
      4⤵
      Kills process with taskkill
      PID:1356
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ants.exe
      4⤵
      PID:2496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antssircam.exe
      4⤵
      PID:2080
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apimonitor.exe
      4⤵
      PID:2664
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aplica32.exe
      4⤵
      PID:1152
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atcon.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atguard.exe
      4⤵
      PID:2360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ats.exe
      4⤵
      PID:580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atscan.exe
      4⤵
      PID:1992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atupdater.exe
      4⤵
      PID:1684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atwatch.exe
      4⤵
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autodown.exe
      4⤵
      PID:1912
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autotrace.exe
      4⤵
      PID:2044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autoupdate.exe
      4⤵
      PID:2844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avconsol.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ave32.exe
      4⤵
      PID:832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc32.exe
      4⤵
      PID:1808
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgctrl.exe
      4⤵
      PID:2320
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv.exe
      4⤵
      Kills process with taskkill
      PID:1200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9.exe
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9schedapp.exe
      4⤵
      PID:1360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      PID:1184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkpop.exe
      4⤵
      PID:1568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkserv.exe
      4⤵
      PID:1056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkservice.exe
      4⤵
      PID:2496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwcl9.exe
      4⤵
      PID:2704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwctl9.exe
      4⤵
      PID:2340
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avnt.exe
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp.exe
      4⤵
      PID:3032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp32.exe
      4⤵
      PID:2888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpcc.exe
      4⤵
      PID:2916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im AVPCC Service.exe
      4⤵
      PID:580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpccavpm.exe
      4⤵
      PID:2332
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpdos32.exe
      4⤵
      PID:1660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpexec.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpinst.exe
      4⤵
      PID:1912
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpm.exe
      4⤵
      PID:1896
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpmonitor.exe
      4⤵
      PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc.exe
      4⤵
      PID:448
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc32.exe
      4⤵
      PID:896
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupd.exe
      4⤵
      PID:1308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupdates.exe
      4⤵
      PID:696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avrescue.exe
      4⤵
      PID:668
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      Kills process with taskkill
      PID:1732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsynmgr.exe
      4⤵
      Kills process with taskkill
      PID:2072
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwin95.exe
      4⤵
      PID:112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwinnt.exe
      4⤵
      PID:1356
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwupd32.exe
      4⤵
      PID:2660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxgui.exe
      4⤵
      PID:2440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxinit.exe
      4⤵
      PID:2664
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxlive.exe
      4⤵
      PID:2736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitor9x.exe
      4⤵
      PID:1648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitornt.exe
      4⤵
      PID:3000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxnews.exe
      4⤵
      PID:2788
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxquar.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxsch.exe
      4⤵
      PID:332
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxw.exe
      4⤵
      Kills process with taskkill
      PID:964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BACKLOG.exe
      4⤵
      PID:1920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bd_professional.exe
      4⤵
      PID:2356
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidef.exe
      4⤵
      PID:1936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidserver.exe
      4⤵
      PID:328
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bipcp.exe
      4⤵
      PID:1128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bisp.exe
      4⤵
      PID:832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackd.exe
      4⤵
      PID:1532
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackice.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackiceblackd.exe
      4⤵
      PID:352
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BootWarn.exe
      4⤵
      PID:1472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im borg2.exe
      4⤵
      PID:2352
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bs120.exe
      4⤵
      PID:1088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bullguard.exe
      4⤵
      PID:888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccApp.exe
      4⤵
      PID:1584
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      PID:2796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccIMScan.exe
      4⤵
      PID:2264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccPwdSrc.exe
      4⤵
      PID:1588
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccpxysvc.exe
      4⤵
      PID:3028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccSetMgr.exe
      4⤵
      PID:3036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cdp.exe
      4⤵
      PID:3000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiadmin.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiaudit.exe
      4⤵
      PID:632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet.exe
      4⤵
      PID:2840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet32.exe
      4⤵
      PID:2456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95.exe
      4⤵
      PID:796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95cf.exe
      4⤵
      PID:1896
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im clean.exe
      4⤵
      PID:2140
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner.exe
      4⤵
      PID:3068
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner3.exe
      4⤵
      PID:1608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleanpc.exe
      4⤵
      PID:1740
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmgrdian.exe
      4⤵
      PID:2432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmon016.exe
      4⤵
      PID:612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im codered.exe
      4⤵
      PID:1872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im connectionmonitor.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im conseal.exe
      4⤵
      PID:900
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpd.exe
      4⤵
      PID:860
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpf9x206.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ctrl.exe
      4⤵
      PID:2632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defalert.exe
      4⤵
      PID:1152
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defence.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defense.exe
      4⤵
      PID:2876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defscangui.exe
      4⤵
      PID:2576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defwatch.exe
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im deputy.exe
      4⤵
      PID:2284
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im doors.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dpf.exe
      4⤵
      PID:320
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drwatson.exe
      4⤵
      PID:2020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drweb32.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1636
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95.exe
      4⤵
      PID:796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95_0.exe
      4⤵
      Kills process with taskkill
      PID:2064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ecengine.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im edisk.exe
      4⤵
      PID:2384
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im efpeadm.exe
      4⤵
      PID:2856
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im esafe.exe
      4⤵
      PID:2872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanh95.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2320
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanhnt.exe
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanv95.exe
      4⤵
      PID:2272
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im espwatch.exe
      4⤵
      PID:2188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im etrustcipe.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:900
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im evpn.exe
      4⤵
      PID:2244
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im exantivirus -cnet.exe
      4⤵
      PID:3008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fameh32.exe
      4⤵
      PID:2784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fast.exe
      4⤵
      PID:3020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fch32.exe
      4⤵
      PID:2992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fih32.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im findviru.exe
      4⤵
      PID:2416
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im firewall.exe
      4⤵
      PID:2544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fix-it.exe
      4⤵
      PID:548
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im flowprotector.exe
      4⤵
      Kills process with taskkill
      PID:2092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fnrb32.exe
      4⤵
      PID:1496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win.exe
      4⤵
      PID:1968
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win_trial.exe
      4⤵
      PID:1920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fprot.exe
      4⤵
      PID:2860
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im frw.exe
      4⤵
      PID:1796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsaa.exe
      4⤵
      PID:988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav32.exe
      4⤵
      PID:2820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav95.exe
      4⤵
      PID:832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsave32.exe
      4⤵
      PID:1740
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsgk32.exe
      4⤵
      PID:1720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsm32.exe
      4⤵
      PID:352
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsma32.exe
      4⤵
      PID:2180
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsmb32.exe
      4⤵
      Kills process with taskkill
      PID:1348
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fwenc.exe
      4⤵
      PID:2212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbmenu.exe
      4⤵
      PID:2268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbpoll.exe
      4⤵
      PID:1492
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gedit.exe
      4⤵
      PID:3008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im generics.exe
      4⤵
      PID:2988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im grief3878.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2828
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      PID:3032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guarddog.exe
      4⤵
      PID:2644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im HackerEliminator.exe
      4⤵
      PID:1464
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamapp.exe
      4⤵
      PID:1516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamserv.exe
      4⤵
      PID:2536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamstats.exe
      4⤵
      PID:2612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmasn.exe
      4⤵
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmavsp.exe
      4⤵
      PID:2008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icload95.exe
      4⤵
      PID:1032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icloadnt.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icmon.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsupp95.exe
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsuppnt.exe
      4⤵
      PID:992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iface.exe
      4⤵
      PID:2940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ifw2000.exe
      4⤵
      PID:696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im inoculateit.exe
      4⤵
      PID:2088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iomon98.exe
      4⤵
      PID:2100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iparmor.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1948
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iris.exe
      4⤵
      PID:2936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isrv95.exe
      4⤵
      PID:1356
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jammer.exe
      4⤵
      PID:2920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jedi.exe
      4⤵
      PID:2684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavpf.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldnetmon.exe
      4⤵
      PID:1908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldpromenu.exe
      4⤵
      PID:1648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldscan.exe
      4⤵
      PID:2720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im localnet.exe
      4⤵
      PID:1996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lockdown.exe
      4⤵
      PID:2888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lookout.exe
      4⤵
      PID:2536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luall.exe
      4⤵
      PID:1700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lucomserver.exe
      4⤵
      PID:536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luspt.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      PID:2648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcagent.exe
      4⤵
      PID:328
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcmnhdlr.exe
      4⤵
      PID:824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshield.exe
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshieldvvstat.exe
      4⤵
      PID:2872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mctool.exe
      4⤵
      PID:352
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcupdate.exe
      4⤵
      PID:1704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsrte.exe
      4⤵
      PID:1872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsshld.exe
      4⤵
      PID:1324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrtcl.exe
      4⤵
      PID:1056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrte.exe
      4⤵
      PID:888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      PID:1592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgui.exe
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      PID:2992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mon.exe
      4⤵
      Kills process with taskkill
      PID:2608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monitor.exe
      4⤵
      PID:2576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsys32.exe
      4⤵
      PID:2544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsysnt.exe
      4⤵
      PID:1516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im moolive.exe
      4⤵
      PID:1628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:1764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:2020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mrflux.exe
      4⤵
      PID:2528
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msinfo32.exe
      4⤵
      PID:2844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mwatch.exe
      4⤵
      PID:828
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mxtask.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im n32scanw.exe
      4⤵
      PID:1852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav.exe
      4⤵
      PID:2652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAV DefAlert.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav32.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navalert.exe
      4⤵
      PID:1716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navap.exe
      4⤵
      PID:2128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAVAPW32.exe
      4⤵
      PID:2336
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navauto -protect.exe
      4⤵
      PID:1944
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navdx.exe
      4⤵
      PID:2756
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navengnavex15.exe
      4⤵
      PID:2664
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navlu32.exe
      4⤵
      PID:3028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navnt.exe
      4⤵
      PID:2776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navrunr.exe
      4⤵
      PID:2992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navstub.exe
      4⤵
      PID:2560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      PID:2824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Navwnt.exe
      4⤵
      PID:2780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nc2000.exe
      4⤵
      Kills process with taskkill
      PID:2716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ndd32.exe
      4⤵
      PID:1628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neomonitor.exe
      4⤵
      PID:1344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neowatchlog.exe
      4⤵
      PID:2020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im net2000.exe
      4⤵
      PID:1912
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netarmor.exe
      4⤵
      PID:940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netcommando.exe
      4⤵
      PID:1848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netinfo.exe
      4⤵
      PID:1128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netmon.exe
      4⤵
      PID:2472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netpro.exe
      4⤵
      PID:2312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netprotect.exe
      4⤵
      PID:1704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netscanpro.exe
      4⤵
      PID:1680
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netspyhunter -1.2.exe
      4⤵
      PID:1184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netstat.exe
      4⤵
      PID:1088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netutils.exe
      4⤵
      PID:1776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netutils].exe
      4⤵
      PID:2936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nimda.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisserv.exe
      4⤵
      PID:2572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      PID:2408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisumnisservnisum.exe
      4⤵
      PID:2776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nmain.exe
      4⤵
      PID:2876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      PID:2328
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman.exe
      4⤵
      PID:2676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman_32.exe
      4⤵
      PID:1996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman_av.exe
      4⤵
      PID:2284
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman32.exe
      4⤵
      PID:1148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im normanav.exe
      4⤵
      PID:1660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im normist.exe
      4⤵
      PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      PID:2140
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Norton Auto-Protect.exe
      4⤵
      PID:1208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton_av.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nortonav.exe
      4⤵
      Kills process with taskkill
      PID:2096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im notstart.exe
      4⤵
      PID:896
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmessenger.exe
      4⤵
      PID:2940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfw.exe
      4⤵
      PID:1728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfw32.exe
      4⤵
      Kills process with taskkill
      PID:1020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nprotect.exe
      4⤵
      PID:2448
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npscheck.exe
      4⤵
      PID:560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npssvc.exe
      4⤵
      PID:2072
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nresq32.exe
      4⤵
      PID:1944
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nsched32.exe
      4⤵
      PID:2988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nschednt.exe
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nsplugin.exe
      4⤵
      PID:2408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntrtscan.exe
      4⤵
      PID:2992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntvdm.exe
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntxconfig.exe
      4⤵
      PID:2624
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nui.exe
      4⤵
      PID:2604
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nupgrade.exe
      4⤵
      PID:2612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvarch16.exe
      4⤵
      PID:1496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvc95.exe
      4⤵
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvsvc32.exe
      4⤵
      PID:1636
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nwservice.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1792
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nwtool16.exe
      4⤵
      PID:2620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im offguard.exe
      4⤵
      PID:3068
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im OPScan.exe
      4⤵
      PID:2136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ostronet.exe
      4⤵
      PID:328
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      PID:1200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im padmin.exe
      4⤵
      PID:1368
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im panda.exe
      4⤵
      PID:1472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pandaav.exe
      4⤵
      PID:1564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im panixk.exe
      4⤵
      PID:2452
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pav.exe
      4⤵
      PID:1568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavcl.exe
      4⤵
      Kills process with taskkill
      PID:1552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavproxy.exe
      4⤵
      PID:2752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavsched.exe
      4⤵
      PID:2988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavw.exe
      4⤵
      PID:3008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pc -cillan.exe
      4⤵
      PID:2924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pc -cillin.exe
      4⤵
      PID:2552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccclient.exe
      4⤵
      Kills process with taskkill
      PID:2992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccguide.exe
      4⤵
      PID:2788
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcciomon.exe
      4⤵
      PID:2032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccntmon.exe
      4⤵
      PID:772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccwin97.exe
      4⤵
      PID:2536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccwin98.exe
      4⤵
      PID:1972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcfwallicon.exe
      4⤵
      PID:536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcscan.exe
      4⤵
      PID:1344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im periscope.exe
      4⤵
      PID:2168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im persfw.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pf2.exe
      4⤵
      PID:984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pfwadmin.exe
      4⤵
      PID:1608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pingscan.exe
      4⤵
      PID:1720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im platin.exe
      4⤵
      PID:2124
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pop3trap.exe
      4⤵
      PID:1540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im poproxy.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im portdetective.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im portmonitor.exe
      4⤵
      PID:1088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ppinupdt.exe
      4⤵
      PID:1776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pptbc.exe
      4⤵
      PID:1056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ppvstop.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im processmonitor.exe
      4⤵
      PID:1152
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im procexplorerv10#.exe
      4⤵
      PID:3028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im programauditor.exe
      4⤵
      PID:2980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im proport.exe
      4⤵
      PID:1648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im protectx.exe
      4⤵
      PID:3000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pspf.exe
      4⤵
      PID:796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im purge.exe
      4⤵
      PID:2676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pview95.exe
      4⤵
      Kills process with taskkill
      PID:1724
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pw32.exe
      4⤵
      PID:1660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im qconsole.exe
      4⤵
      PID:2900
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav.exe
      4⤵
      Kills process with taskkill
      PID:2140
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav7.exe
      4⤵
      PID:1932
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav7win.exe
      4⤵
      PID:908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im realmon.exe
      4⤵
      PID:748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im regrun2.exe
      4⤵
      PID:992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rescue.exe
      4⤵
      PID:2180
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rrguard.exe
      4⤵
      PID:1964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rshell.exe
      4⤵
      PID:1060
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rtvscn95.exe
      4⤵
      PID:1372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rulaunch.exe
      4⤵
      PID:888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im safeweb.exe
      4⤵
      PID:2188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SAVscan.exe
      4⤵
      PID:2656
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sbserv.exe
      4⤵
      PID:2768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SBservice.exe
      4⤵
      PID:1908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan.exe
      4⤵
      PID:2728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan32.exe
      4⤵
      PID:2912
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan95.exe
      4⤵
      PID:2772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scanpm.exe
      4⤵
      PID:1824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scrscan.exe
      4⤵
      PID:1064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sd.exe
      4⤵
      Kills process with taskkill
      PID:1092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SENS.exe
      4⤵
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im serv95.exe
      4⤵
      PID:2020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sfc.exe
      4⤵
      PID:1036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sh.exe
      4⤵
      PID:1796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sharedaccess.exe
      4⤵
      PID:2268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im shn.exe
      4⤵
      PID:832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im smc.exe
      4⤵
      PID:1544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sofi.exe
      4⤵
      PID:2512
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sophos.exe
      4⤵
      PID:684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sophos_av.exe
      4⤵
      PID:1368
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sophosav.exe
      4⤵
      PID:2272
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spf.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sphinx.exe
      4⤵
      PID:2060
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spy.exe
      4⤵
      PID:1692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spygate.exe
      4⤵
      PID:2696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spyx.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spyxx.exe
      4⤵
      PID:2796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im srwatch.exe
      4⤵
      PID:2876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ss3edit.exe
      4⤵
      PID:2980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im st2.exe
      4⤵
      PID:1648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im supftrl.exe
      4⤵
      PID:1516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im supp95.exe
      4⤵
      PID:2612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im supporter5.exe
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweep95.exe
      4⤵
      PID:1072
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweepnet.exe
      4⤵
      PID:2120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweepsrv.sys.exe
      4⤵
      PID:1036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweepsrv.sysvshwin32.exe
      4⤵
      PID:2064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im swnetsup.exe
      4⤵
      PID:1120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symantec.exe
      4⤵
      PID:2136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Symantec Core LC.exe
      4⤵
      PID:2652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symlcsvc.exe
      4⤵
      PID:1980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symproxysvc.exe
      4⤵
      PID:1704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symtray.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sysedit.exe
      4⤵
      Kills process with taskkill
      PID:2128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im taskmon.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2336
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im taumon.exe
      4⤵
      PID:1716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tauscan.exe
      4⤵
      PID:2680
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tbscan.exe
      4⤵
      PID:2188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tcm.exe
      4⤵
      PID:1592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tctca.exe
      4⤵
      PID:2748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tds -3.exe
      4⤵
      PID:2552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tds2 -98.exe
      4⤵
      PID:1908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tds2 -nt.exe
      4⤵
      PID:2996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tfak.exe
      4⤵
      PID:2728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tfak5.exe
      4⤵
      PID:1364
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tgbob.exe
      4⤵
      PID:2840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im trendmicro.exe
      4⤵
      PID:1824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im trjscan.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im trojantrap3.exe
      4⤵
      PID:2676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im TrueVector.exe
      4⤵
      PID:1196
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im undoboot.exe
      4⤵
      PID:1936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im update.exe
      4⤵
      PID:2156
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbcmserv.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbcons.exe
      4⤵
      PID:2848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbust.exe
      4⤵
      Kills process with taskkill
      PID:1852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbwin9x.exe
      4⤵
      PID:1528
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbwinntw.exe
      4⤵
      PID:1732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vccmserv.exe
      4⤵
      PID:2872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vcontrol.exe
      4⤵
      PID:1564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vet32.exe
      4⤵
      PID:696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vet95.exe
      4⤵
      PID:2464
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vettray.exe
      4⤵
      PID:2704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vir -help.exe
      4⤵
      PID:2264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im virus.exe
      4⤵
      PID:2936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im virusmdpersonalfirewall.exe
      4⤵
      PID:2784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vnlan300.exe
      4⤵
      PID:2308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vnpc3000.exe
      4⤵
      PID:2796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vpc32.exe
      4⤵
      PID:2736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vpfw30s.exe
      4⤵
      PID:2560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vptray.exe
      4⤵
      PID:1768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vscan40.exe
      4⤵
      PID:1496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsched.exe
      4⤵
      PID:1700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsecomr.exe
      4⤵
      PID:1972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vshwin32.exe
      4⤵
      PID:2184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vshwin32vbcmserv.exe
      4⤵
      PID:2956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsmain.exe
      4⤵
      PID:1208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsmon.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsstat.exe
      4⤵
      PID:1848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vswin9xe.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vswinntse.exe
      4⤵
      PID:824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im w9x.exe
      4⤵
      PID:1980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im watchdog.exe
      4⤵
      PID:1704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webscanx.exe
      4⤵
      PID:2312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webtrap.exe
      4⤵
      PID:2088
- - C:\Windows\tibia.exe
    "C:\Windows\tibia.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\MC.EXE

Filesize
2.3MB

MD5
5c0cdc5ae28c8c3dd1968938a9f977b6

SHA1
409ca5e0641dd0fa57a8cef6f5854013d5e5fe89

SHA256
d60a5e44148befc477aec81fb6ec6da5e4d8b749be25a73cf15b17720eae23a3

SHA512
2b0370146cd32df24e41a5a13e609295abbc22d79f6a168f8f8494ffd84886312f110c82e4fbceae34cfa8835545abb92963998f0d0aca7f7ce1a4ba9d5ec90e

Download Submit
C:\Windows\STREEAM.BAT

Filesize
19KB

MD5
1d31899b95f57392d2c512d1e3963aab

SHA1
b963df80640b6754b9767f5c8ad2ace7bf4b376c

SHA256
cea56d96209f277acf195b851aeed16bf3b643217fe1f30c4e7705d54309ce44

SHA512
75d6b7141e582a8d8db4af938d25e664a00d678294e47b4525050ce0a58843e1d323892e1fd389abac8ce33b5eb19c7f00647dae213ff665c91912bcaa0915ea

Download Submit
C:\Windows\tibia.exe

Filesize
2.2MB

MD5
899665cca536029d6d02c82f4452e808

SHA1
fadfb2e66f472457dbcd4ae96a1fd8dc7f63face

SHA256
a6dc1e166f20220b19a80622d18baed0e72bea01bf9aa9a30cd139758c40b808

SHA512
0fd894f4b163ea361b7ed5cce5137c28177a94b39c33d2d957f8bc37ff0846a41acb1f1dfde9f3990b7514f7a929c6f615125d482397f5f4d7b164af7f2d8fcb

Download Submit
memory/2328-0-0x0000000000400000-0x000000000090D000-memory.dmp

Filesize
5.1MB

Download
memory/2328-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2328-1-0x00000000002F0000-0x00000000003DC000-memory.dmp

Filesize
944KB

Download
memory/2328-4-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2328-11-0x0000000000400000-0x000000000090D000-memory.dmp

Filesize
5.1MB

Download
memory/2328-20-0x0000000000400000-0x000000000090D000-memory.dmp

Filesize
5.1MB

Download
memory/2712-35-0x0000000000400000-0x0000000000648000-memory.dmp

Filesize
2.3MB

Download