ardamax | 19c742eac1d75c5596c3daddace009214bb400bd0369eb934affa044159068f0

Analysis

max time kernel
89s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe
Size

1.5MB
MD5

8a582f6a81de74f166b0070e11e0ec1a
SHA1

780b99bc8362a39826a5834f1ff28a3c0c7357e7
SHA256

19c742eac1d75c5596c3daddace009214bb400bd0369eb934affa044159068f0
SHA512

f7bb8fc3507615f562258daf9caeb9e9f99e8645e8d1e9c5264b7d7f964866fc827a13e7f62248a6ca8c2c3f220c9a5512974238b68efbc292844006936b58c1
SSDEEP

24576:RkJz3kDERA/xwzKoC5A5mjkHh6knDU9YwCuXfZV4UMVAGTyusRMQCqb:2Jz3kT6zm5JjkB/KYwCu/4UMVAGTyusE

Score

10^/10

ardamax discovery evasion keylogger persistence stealer themida

Malware Config

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax
Ardamax family
ardamax

Ardamax main executable 1 IoCs

Processes:

resource	yara_rule
\Windows\SysWOW64\28463\LOSM.exe	family_ardamax

Executes dropped EXE 2 IoCs

Processes:

crackerng488.exeLOSM.exe

pid process

2740 crackerng488.exe
2564 LOSM.exe

pid	process
2740	crackerng488.exe
2564	LOSM.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

Loads dropped DLL 6 IoCs

Processes:

crackerng488.exeLOSM.exeregedit.exe

pid process

2740 crackerng488.exe
2740 crackerng488.exe
2564 LOSM.exe
2564 LOSM.exe
2088 regedit.exe
2088 regedit.exe

pid	process
2740	crackerng488.exe
2740	crackerng488.exe
2564	LOSM.exe
2564	LOSM.exe
2088	regedit.exe
2088	regedit.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/2856-0-0x0000000000400000-0x0000000000653000-memory.dmp	themida
behavioral1/memory/2856-3-0x0000000000400000-0x0000000000653000-memory.dmp	themida
behavioral1/memory/2856-22-0x0000000000400000-0x0000000000653000-memory.dmp	themida
behavioral1/memory/2856-55-0x0000000000400000-0x0000000000653000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

LOSM.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\LOSM Agent = "C:\\Windows\\SysWOW64\\28463\\LOSM.exe"	LOSM.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 7 IoCs

Processes:

crackerng488.exeLOSM.exe

description	ioc	process
File created	C:\Windows\SysWOW64\28463\LOSM.001	crackerng488.exe
File created	C:\Windows\SysWOW64\28463\LOSM.006	crackerng488.exe
File created	C:\Windows\SysWOW64\28463\LOSM.007	crackerng488.exe
File created	C:\Windows\SysWOW64\28463\LOSM.exe	crackerng488.exe
File created	C:\Windows\SysWOW64\28463\key.bin	crackerng488.exe
File created	C:\Windows\SysWOW64\28463\AKV.exe	crackerng488.exe
File opened for modification	C:\Windows\SysWOW64\28463	LOSM.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

pid process

2856 8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

pid	process
2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

Processes:

8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\super_kill.bat	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe
File created	C:\Windows\crackerng488.exe	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Kills process with taskkill 64 IoCs

evasion

Processes:

pid	process
1584
1624
600	taskkill.exe
2832	taskkill.exe
1492	taskkill.exe
2768
1088	taskkill.exe
352	taskkill.exe
2100	taskkill.exe
2508	taskkill.exe
2132	taskkill.exe
2908
1480
2088
2992	taskkill.exe
1932	taskkill.exe
2056	taskkill.exe
1180	taskkill.exe
2788	taskkill.exe
3024	taskkill.exe
1728	taskkill.exe
2744	taskkill.exe
1752	taskkill.exe
2532	taskkill.exe
2968	taskkill.exe
808	taskkill.exe
584
2928
2812
1484	taskkill.exe
1180	taskkill.exe
2328	taskkill.exe
1520	taskkill.exe
2304	taskkill.exe
2352	taskkill.exe
2820	taskkill.exe
1804	taskkill.exe
1280	taskkill.exe
3068	taskkill.exe
2108	taskkill.exe
2148	taskkill.exe
2596	taskkill.exe
1520	taskkill.exe
1592	taskkill.exe
2464	taskkill.exe
1800	taskkill.exe
1996	taskkill.exe
2872	taskkill.exe
1720	taskkill.exe
2168	taskkill.exe
1776	taskkill.exe
1912
288	taskkill.exe
3040	taskkill.exe
1280	taskkill.exe
960	taskkill.exe
2268
1656	taskkill.exe
2148	taskkill.exe
1676	taskkill.exe
2900	taskkill.exe
2944
2804	taskkill.exe
2620	taskkill.exe

Modifies registry class 35 IoCs

Processes:

LOSM.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\ProgID\ = "RACplDlg.RASettingProperty.1"	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\FLAGS\ = "4"	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\"	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\Version\	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\InprocServer32\ = "C:\\Windows\\SysWOW64\\RACPLDlg.dll"	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\TypeLib\	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\TypeLib\ = "{4A54FE45-1899-A51D-FB18-EEFF4CB69087}"	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\ProgID	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\0\win32	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\VersionIndependentProgID\	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\0\	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\0\win32\ = "C:\\PROGRA~2\\MICROS~1\\Office14\\GROOVE.EXE\\74"	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\FLAGS\	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\HELPDIR	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\Programmable	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\FLAGS	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\HELPDIR\	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\Version\ = "1.0"	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\ = "Vobesoqo.Makigih class"	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\ProgID\	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\0\win32\	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\TypeLib	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\VersionIndependentProgID	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\VersionIndependentProgID\ = "RACplDlg.RASettingProperty"	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\InprocServer32\	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\0	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4A54FE45-1899-A51D-FB18-EEFF4CB69087}\1.0\ = "GrooveNotifierServicesAlpha TypeLibrary"	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\Version	LOSM.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\InprocServer32	LOSM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB9AB58-706E-4002-9ABC-06CABCC74EDD}\Programmable\	LOSM.exe

Runs .reg file with regedit 1 IoCs

Processes:

regedit.exe

pid process

2088 regedit.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

pid process

2856 8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

pid	process
2088	regedit.exe

pid	process
2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exeLOSM.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	2596	taskkill.exe
Token: SeDebugPrivilege	1808	taskkill.exe
Token: SeDebugPrivilege	2876	taskkill.exe
Token: SeDebugPrivilege	2780	taskkill.exe
Token: SeDebugPrivilege	2884	taskkill.exe
Token: SeDebugPrivilege	2940	taskkill.exe
Token: SeDebugPrivilege	1180	taskkill.exe
Token: SeDebugPrivilege	1160	taskkill.exe
Token: SeDebugPrivilege	3060	taskkill.exe
Token: SeDebugPrivilege	2604	taskkill.exe
Token: SeDebugPrivilege	1988	taskkill.exe
Token: 33	2564	LOSM.exe
Token: SeIncBasePriorityPrivilege	2564	LOSM.exe
Token: SeDebugPrivilege	1136	taskkill.exe
Token: SeDebugPrivilege	2352	taskkill.exe
Token: SeDebugPrivilege	2204	taskkill.exe
Token: SeDebugPrivilege	2524	taskkill.exe
Token: SeDebugPrivilege	2372	taskkill.exe
Token: SeDebugPrivilege	1880	taskkill.exe
Token: SeDebugPrivilege	2340	taskkill.exe
Token: SeDebugPrivilege	324	taskkill.exe
Token: SeDebugPrivilege	1600	taskkill.exe
Token: SeDebugPrivilege	2304	taskkill.exe
Token: SeDebugPrivilege	1648	taskkill.exe
Token: SeDebugPrivilege	2948	taskkill.exe
Token: SeDebugPrivilege	2316	taskkill.exe
Token: SeDebugPrivilege	1376	taskkill.exe
Token: SeDebugPrivilege	1088	taskkill.exe
Token: SeDebugPrivilege	2032	taskkill.exe
Token: SeDebugPrivilege	988	taskkill.exe
Token: SeDebugPrivilege	2500	taskkill.exe
Token: SeDebugPrivilege	2292	taskkill.exe
Token: SeDebugPrivilege	804	taskkill.exe
Token: SeDebugPrivilege	780	taskkill.exe
Token: SeDebugPrivilege	2480	taskkill.exe
Token: SeDebugPrivilege	892	taskkill.exe
Token: SeDebugPrivilege	1688	taskkill.exe
Token: SeDebugPrivilege	2436	taskkill.exe
Token: SeDebugPrivilege	1588	taskkill.exe
Token: SeDebugPrivilege	2992	taskkill.exe
Token: SeDebugPrivilege	2988	taskkill.exe
Token: SeDebugPrivilege	2108	taskkill.exe
Token: SeDebugPrivilege	2660	taskkill.exe
Token: SeDebugPrivilege	2812	taskkill.exe
Token: SeDebugPrivilege	2840	taskkill.exe
Token: SeDebugPrivilege	2724	taskkill.exe
Token: SeDebugPrivilege	1932	taskkill.exe
Token: SeDebugPrivilege	2880	taskkill.exe
Token: SeDebugPrivilege	2284	taskkill.exe
Token: SeDebugPrivilege	2580	taskkill.exe
Token: SeDebugPrivilege	1804	taskkill.exe
Token: SeDebugPrivilege	2960	taskkill.exe
Token: SeDebugPrivilege	2788	taskkill.exe
Token: SeDebugPrivilege	2896	taskkill.exe
Token: SeDebugPrivilege	2932	taskkill.exe
Token: SeDebugPrivilege	548	taskkill.exe
Token: SeDebugPrivilege	2936	taskkill.exe
Token: SeDebugPrivilege	2964	taskkill.exe
Token: SeDebugPrivilege	576	taskkill.exe
Token: SeDebugPrivilege	1332	taskkill.exe
Token: SeDebugPrivilege	1992	taskkill.exe
Token: SeDebugPrivilege	744	taskkill.exe
Token: SeDebugPrivilege	1612	taskkill.exe
Token: SeDebugPrivilege	1136	taskkill.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

LOSM.exe

pid process

2564 LOSM.exe
2564 LOSM.exe
2564 LOSM.exe
2564 LOSM.exe
2564 LOSM.exe

pid	process
2564	LOSM.exe
2564	LOSM.exe
2564	LOSM.exe
2564	LOSM.exe
2564	LOSM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.execrackerng488.execmd.exe

description	pid	process	target process
PID 2856 wrote to memory of 2756	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	cmd.exe
PID 2856 wrote to memory of 2756	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	cmd.exe
PID 2856 wrote to memory of 2756	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	cmd.exe
PID 2856 wrote to memory of 2756	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	cmd.exe
PID 2856 wrote to memory of 2740	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	crackerng488.exe
PID 2856 wrote to memory of 2740	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	crackerng488.exe
PID 2856 wrote to memory of 2740	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	crackerng488.exe
PID 2856 wrote to memory of 2740	2856	8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe	crackerng488.exe
PID 2740 wrote to memory of 2564	2740	crackerng488.exe	LOSM.exe
PID 2740 wrote to memory of 2564	2740	crackerng488.exe	LOSM.exe
PID 2740 wrote to memory of 2564	2740	crackerng488.exe	LOSM.exe
PID 2740 wrote to memory of 2564	2740	crackerng488.exe	LOSM.exe
PID 2756 wrote to memory of 2596	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2596	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2596	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2596	2756	cmd.exe	taskkill.exe
PID 2740 wrote to memory of 2088	2740	crackerng488.exe	regedit.exe
PID 2740 wrote to memory of 2088	2740	crackerng488.exe	regedit.exe
PID 2740 wrote to memory of 2088	2740	crackerng488.exe	regedit.exe
PID 2740 wrote to memory of 2088	2740	crackerng488.exe	regedit.exe
PID 2756 wrote to memory of 1808	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1808	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1808	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1808	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2876	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2876	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2876	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2876	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2780	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2780	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2780	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2780	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2884	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2884	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2884	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2884	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2940	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2940	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2940	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2940	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1180	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1180	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1180	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1180	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1160	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1160	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1160	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1160	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 3060	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 3060	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 3060	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 3060	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2604	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2604	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2604	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 2604	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1988	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1988	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1988	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1988	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1136	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1136	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1136	2756	cmd.exe	taskkill.exe
PID 2756 wrote to memory of 1136	2756	cmd.exe	taskkill.exe

C:\Users\Admin\AppData\Local\Temp\8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8a582f6a81de74f166b0070e11e0ec1a_JaffaCakes118.exe"
1⤵
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Windows\super_kill.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgas.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32krn.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1808
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2876
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kav.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavmm.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgemc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgcc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgamsvr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1160
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgupsvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgw.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashwebsv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashdisp.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashmaisv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashserv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashwebsv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im aswupdsv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2372
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ewidoctrl.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guard.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2340
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gcasdtserv.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:324
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msmpeng.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcafee.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2304
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghml.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msiexec.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2948
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im outpost.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2316
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im isafe.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1376
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im minilog.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zonealarm.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zlclient.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im updclient.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2500
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccapp.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2292
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navw32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navapsvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccsetmgr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cccproxy.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1688
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccapp.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2436
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccevtmgr.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1588
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfmntor.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im logexprt.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisum.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2108
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im issvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2660
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpdclnt.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavprsrv.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2840
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavprot.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avengine.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apvxdwin.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im webproxy.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2284
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avguard.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgnt.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im shed.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2960
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsched32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sccomm.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spiderml.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sgmain.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spywareguard.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2936
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kpf4gui.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kpf4ss.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:576
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcdash.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcdetect.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcregwiz.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcinfo.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghtml.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im oasclnt.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfagent.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfconsole.exe
    3⤵
    PID:2524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfservice.exe
    3⤵
    PID:2372
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpftray.exe
    3⤵
    PID:696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfwizard.exe
    3⤵
    PID:964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mvtx.exe
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avp32.exe
    3⤵
    PID:692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avpcc.exe
    3⤵
    PID:2492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avpm.exe
    3⤵
    PID:2408
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ackwin32.exe
    3⤵
    PID:1776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im advxdwin.exe
    3⤵
    PID:1168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im agentsvr.exe
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im agv.exe
    3⤵
    PID:1656
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ahnsd.exe
    3⤵
    PID:2312
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im alertsvc.exe
    3⤵
    - Kills process with taskkill
    PID:1800
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im alogserv.exe
    3⤵
    PID:1760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amon.exe
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amon9x.exe
    3⤵
    PID:2004
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amonavp32.exe
    3⤵
    - Kills process with taskkill
    PID:1484
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im anti -trojan.exe
    3⤵
    PID:2260
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antivir.exe
    3⤵
    PID:892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antivirus.exe
    3⤵
    PID:1688
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ants.exe
    3⤵
    PID:2436
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antssircam.exe
    3⤵
    PID:1720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apimonitor.exe
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im aplica32.exe
    3⤵
    PID:2988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apvxdwin.exe
    3⤵
    PID:2108
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atcon.exe
    3⤵
    PID:2660
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atguard.exe
    3⤵
    PID:2812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ats.exe
    3⤵
    PID:2840
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atscan.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atupdater.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atwatch.exe
    3⤵
    PID:2728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autodown.exe
    3⤵
    PID:2148
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autotrace.exe
    3⤵
    PID:2556
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autoupdate.exe
    3⤵
    PID:1268
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avconsol.exe
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ave32.exe
    3⤵
    - Kills process with taskkill
    PID:2532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgcc32.exe
    3⤵
    PID:2792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgctrl.exe
    3⤵
    PID:2868
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv.exe
    3⤵
    PID:808
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv9.exe
    3⤵
    PID:2288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv9schedapp.exe
    3⤵
    PID:3068
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgw.exe
    3⤵
    PID:2092
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkpop.exe
    3⤵
    PID:916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkserv.exe
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkservice.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkwcl9.exe
    3⤵
    PID:2216
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkwctl9.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2112
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avnt.exe
    3⤵
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avp.exe
    3⤵
    PID:912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avp32.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpcc.exe
    3⤵
    PID:1860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im AVPCC Service.exe
    3⤵
    - Kills process with taskkill
    PID:2056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpccavpm.exe
    3⤵
    PID:2240
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpdos32.exe
    3⤵
    PID:840
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpexec.exe
    3⤵
    PID:1924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpinst.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpm.exe
    3⤵
    PID:864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpmonitor.exe
    3⤵
    PID:2000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avptc.exe
    3⤵
    PID:1912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avptc32.exe
    3⤵
    - Kills process with taskkill
    PID:1728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpupd.exe
    3⤵
    PID:2296
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpupdates.exe
    3⤵
    PID:2208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avrescue.exe
    3⤵
    PID:2432
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsched32.exe
    3⤵
    PID:2500
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsynmgr.exe
    3⤵
    PID:2996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwin95.exe
    3⤵
    PID:1208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwinnt.exe
    3⤵
    PID:1000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwupd32.exe
    3⤵
    PID:1920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxgui.exe
    3⤵
    PID:1692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxinit.exe
    3⤵
    PID:1704
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxlive.exe
    3⤵
    PID:3040
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxmonitor9x.exe
    3⤵
    - Kills process with taskkill
    PID:2744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxmonitornt.exe
    3⤵
    PID:2572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxnews.exe
    3⤵
    PID:2640
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxquar.exe
    3⤵
    PID:1856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxsch.exe
    3⤵
    PID:2824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxw.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im BACKLOG.exe
    3⤵
    PID:2600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bd_professional.exe
    3⤵
    PID:2540
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bidef.exe
    3⤵
    PID:1408
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bidserver.exe
    3⤵
    PID:1784
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bipcp.exe
    3⤵
    PID:2548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bisp.exe
    3⤵
    - Kills process with taskkill
    PID:2596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackd.exe
    3⤵
    PID:2276
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackice.exe
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackiceblackd.exe
    3⤵
    PID:2636
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im BootWarn.exe
    3⤵
    PID:2788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im borg2.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bs120.exe
    3⤵
    PID:2932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bullguard.exe
    3⤵
    PID:2616
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccApp.exe
    3⤵
    PID:2924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccevtmgr.exe
    3⤵
    PID:2956
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccIMScan.exe
    3⤵
    PID:768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccPwdSrc.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccpxysvc.exe
    3⤵
    PID:2648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccSetMgr.exe
    3⤵
    PID:744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cdp.exe
    3⤵
    PID:1612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfiadmin.exe
    3⤵
    PID:1136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfiaudit.exe
    3⤵
    - Kills process with taskkill
    PID:2352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfinet.exe
    3⤵
    PID:2204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfinet32.exe
    3⤵
    PID:1080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im claw95.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im claw95cf.exe
    3⤵
    PID:696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im clean.exe
    3⤵
    - Kills process with taskkill
    PID:352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleaner.exe
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleaner3.exe
    3⤵
    PID:1492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleanpc.exe
    3⤵
    PID:2948
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cmgrdian.exe
    3⤵
    PID:1732
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cmon016.exe
    3⤵
    PID:2732
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im codered.exe
    3⤵
    PID:740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im connectionmonitor.exe
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im conseal.exe
    3⤵
    PID:812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpd.exe
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpf9x206.exe
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ctrl.exe
    3⤵
    PID:1760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defalert.exe
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defence.exe
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defense.exe
    3⤵
    PID:1484
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defscangui.exe
    3⤵
    PID:2064
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defwatch.exe
    3⤵
    PID:2452
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im deputy.exe
    3⤵
    PID:2860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im doors.exe
    3⤵
    PID:2736
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dpf.exe
    3⤵
    PID:2712
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im drwatson.exe
    3⤵
    PID:2020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im drweb32.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dvp95.exe
    3⤵
    PID:2828
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dvp95_0.exe
    3⤵
    PID:2856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ecengine.exe
    3⤵
    PID:2720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im edisk.exe
    3⤵
    PID:2568
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im efpeadm.exe
    3⤵
    PID:2592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im esafe.exe
    3⤵
    PID:2672
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanh95.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanhnt.exe
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanv95.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im espwatch.exe
    3⤵
    PID:1268
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im etrustcipe.exe
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im evpn.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im exantivirus -cnet.exe
    3⤵
    PID:2952
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fameh32.exe
    3⤵
    PID:664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fast.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fch32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1296
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fih32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2968
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im findviru.exe
    3⤵
    PID:1332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im firewall.exe
    3⤵
    PID:1992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fix-it.exe
    3⤵
    PID:1524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im flowprotector.exe
    3⤵
    PID:2152
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fnrb32.exe
    3⤵
    PID:2404
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fp -win.exe
    3⤵
    PID:3008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fp -win_trial.exe
    3⤵
    PID:2112
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fprot.exe
    3⤵
    PID:1136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im frw.exe
    3⤵
    PID:2352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsaa.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsav32.exe
    3⤵
    PID:1080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsav95.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsave32.exe
    3⤵
    PID:1084
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsgk32.exe
    3⤵
    PID:848
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsm32.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsma32.exe
    3⤵
    PID:1492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsmb32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2948
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fwenc.exe
    3⤵
    PID:1732
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gbmenu.exe
    3⤵
    PID:1368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gbpoll.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gedit.exe
    3⤵
    PID:2032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im generics.exe
    3⤵
    PID:2008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im grief3878.exe
    3⤵
    PID:2324
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guard.exe
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guarddog.exe
    3⤵
    PID:1760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im HackerEliminator.exe
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamapp.exe
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamserv.exe
    3⤵
    PID:884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamstats.exe
    3⤵
    PID:1884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ibmasn.exe
    3⤵
    PID:1704
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ibmavsp.exe
    3⤵
    PID:2748
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icload95.exe
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icloadnt.exe
    3⤵
    PID:2988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icmon.exe
    3⤵
    - Kills process with taskkill
    PID:2804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icsupp95.exe
    3⤵
    PID:1856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icsuppnt.exe
    3⤵
    PID:2816
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iface.exe
    3⤵
    PID:2808
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ifw2000.exe
    3⤵
    PID:836
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im inoculateit.exe
    3⤵
    PID:2708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iomon98.exe
    3⤵
    PID:2880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iparmor.exe
    3⤵
    PID:2400
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iris.exe
    3⤵
    PID:844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im isrv95.exe
    3⤵
    PID:2888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im jammer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2960
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im jedi.exe
    3⤵
    PID:2780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavpf.exe
    3⤵
    PID:2636
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldnetmon.exe
    3⤵
    PID:2768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldpromenu.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldscan.exe
    3⤵
    PID:1676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im localnet.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lockdown.exe
    3⤵
    PID:584
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lookout.exe
    3⤵
    PID:768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im luall.exe
    3⤵
    PID:1832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lucomserver.exe
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im luspt.exe
    3⤵
    PID:744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcafee.exe
    3⤵
    PID:552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcagent.exe
    3⤵
    PID:2168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcmnhdlr.exe
    3⤵
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcshield.exe
    3⤵
    PID:600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcshieldvvstat.exe
    3⤵
    PID:2644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mctool.exe
    3⤵
    PID:1356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcupdate.exe
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcvsrte.exe
    3⤵
    PID:964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcvsshld.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgavrtcl.exe
    3⤵
    PID:2180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgavrte.exe
    3⤵
    PID:2316
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghtml.exe
    3⤵
    PID:2408
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgui.exe
    3⤵
    PID:1880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im minilog.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2732
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mon.exe
    3⤵
    PID:2456
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monitor.exe
    3⤵
    PID:2280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monsys32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monsysnt.exe
    3⤵
    PID:804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im moolive.exe
    3⤵
    PID:2444
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfservice.exe
    3⤵
    PID:3052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpftray.exe
    3⤵
    PID:780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mrflux.exe
    3⤵
    PID:284
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msinfo32.exe
    3⤵
    PID:1580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mwatch.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2064
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mxtask.exe
    3⤵
    PID:2428
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im n32scanw.exe
    3⤵
    - Kills process with taskkill
    PID:1996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nav.exe
    3⤵
    PID:2692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im NAV DefAlert.exe
    3⤵
    PID:2660
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nav32.exe
    3⤵
    PID:2020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navalert.exe
    3⤵
    PID:3004
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navap.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2828
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navapsvc.exe
    3⤵
    PID:2696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im NAVAPW32.exe
    3⤵
    PID:1720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navauto -protect.exe
    3⤵
    PID:1796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navdx.exe
    3⤵
    PID:2708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navengnavex15.exe
    3⤵
    PID:2760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navlu32.exe
    3⤵
    PID:708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navnt.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navrunr.exe
    3⤵
    PID:2888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navstub.exe
    3⤵
    PID:2960
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navw32.exe
    3⤵
    PID:2780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Navwnt.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2636
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nc2000.exe
    3⤵
    PID:2768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ndd32.exe
    3⤵
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im neomonitor.exe
    3⤵
    PID:1676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im neowatchlog.exe
    3⤵
    PID:2972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im net2000.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:584
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netarmor.exe
    3⤵
    PID:768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netcommando.exe
    3⤵
    PID:916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netinfo.exe
    3⤵
    PID:2384
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netmon.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netpro.exe
    3⤵
    PID:2216
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netprotect.exe
    3⤵
    PID:3016
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netscanpro.exe
    3⤵
    PID:2076
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netspyhunter -1.2.exe
    3⤵
    PID:1868
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netstat.exe
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netutils.exe
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netutils].exe
    3⤵
    PID:1396
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nimda.exe
    3⤵
    PID:1924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisserv.exe
    3⤵
    PID:1792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisum.exe
    3⤵
    PID:1544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisumnisservnisum.exe
    3⤵
    PID:2000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nmain.exe
    3⤵
    PID:2028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32.exe
    3⤵
    PID:2024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman.exe
    3⤵
    PID:1656
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman_32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman_av.exe
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman32.exe
    3⤵
    PID:1184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im normanav.exe
    3⤵
    PID:2460
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im normist.exe
    3⤵
    PID:980
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton.exe
    3⤵
    PID:1516
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Norton Auto-Protect.exe
    3⤵
    PID:892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton_av.exe
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nortonav.exe
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im notstart.exe
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfmessenger.exe
    3⤵
    - Kills process with taskkill
    PID:3040
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfw.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfw32.exe
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nprotect.exe
    3⤵
    PID:2572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npscheck.exe
    3⤵
    PID:2832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npssvc.exe
    3⤵
    PID:2820
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nresq32.exe
    3⤵
    PID:1892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nsched32.exe
    3⤵
    PID:2688
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nschednt.exe
    3⤵
    PID:2608
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nsplugin.exe
    3⤵
    PID:2620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntrtscan.exe
    3⤵
    PID:2880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntvdm.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2400
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntxconfig.exe
    3⤵
    PID:1812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nui.exe
    3⤵
    PID:1548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nupgrade.exe
    3⤵
    PID:2612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvarch16.exe
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvc95.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvsvc32.exe
    3⤵
    PID:2884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nwservice.exe
    3⤵
    PID:2944
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nwtool16.exe
    3⤵
    PID:2936
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im offguard.exe
    3⤵
    PID:3060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im OPScan.exe
    3⤵
    PID:2424
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ostronet.exe
    3⤵
    PID:1904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im outpost.exe
    3⤵
    PID:1348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im padmin.exe
    3⤵
    PID:1524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im panda.exe
    3⤵
    PID:2752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pandaav.exe
    3⤵
    PID:3000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im panixk.exe
    3⤵
    PID:2172
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pav.exe
    3⤵
    PID:2168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavcl.exe
    3⤵
    PID:2340
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavproxy.exe
    3⤵
    PID:1868
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavsched.exe
    3⤵
    - Kills process with taskkill
    PID:1280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavw.exe
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pc -cillan.exe
    3⤵
    PID:1396
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pc -cillin.exe
    3⤵
    PID:964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccclient.exe
    3⤵
    PID:1648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccguide.exe
    3⤵
    PID:904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcciomon.exe
    3⤵
    PID:864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccntmon.exe
    3⤵
    PID:1376
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccwin97.exe
    3⤵
    PID:2028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccwin98.exe
    3⤵
    PID:2024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcfwallicon.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1656
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcscan.exe
    3⤵
    PID:1572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im periscope.exe
    3⤵
    PID:1800
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im persfw.exe
    3⤵
    PID:1184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pf2.exe
    3⤵
    PID:2460
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pfwadmin.exe
    3⤵
    PID:980
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pingscan.exe
    3⤵
    PID:1516
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im platin.exe
    3⤵
    PID:1920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pop3trap.exe
    3⤵
    PID:988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im poproxy.exe
    3⤵
    PID:884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im portdetective.exe
    3⤵
    PID:2064
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im portmonitor.exe
    3⤵
    PID:2308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ppinupdt.exe
    3⤵
    PID:2736
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pptbc.exe
    3⤵
    PID:2700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ppvstop.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im processmonitor.exe
    3⤵
    PID:2664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im procexplorerv10#.exe
    3⤵
    PID:2624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im programauditor.exe
    3⤵
    PID:2540
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im proport.exe
    3⤵
    PID:2084
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im protectx.exe
    3⤵
    PID:1720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pspf.exe
    3⤵
    PID:2592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im purge.exe
    3⤵
    PID:1896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pview95.exe
    3⤵
    PID:1900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pw32.exe
    3⤵
    PID:2276
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im qconsole.exe
    3⤵
    PID:2888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav7.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav7win.exe
    3⤵
    PID:1180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im realmon.exe
    3⤵
    PID:2284
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im regrun2.exe
    3⤵
    - Kills process with taskkill
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rescue.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rrguard.exe
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rshell.exe
    3⤵
    PID:1332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rtvscn95.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rulaunch.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im safeweb.exe
    3⤵
    PID:1612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SAVscan.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sbserv.exe
    3⤵
    PID:1136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SBservice.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan.exe
    3⤵
    - Kills process with taskkill
    PID:600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan32.exe
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan95.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scanpm.exe
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scrscan.exe
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sd.exe
    3⤵
    PID:1032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SENS.exe
    3⤵
    PID:1792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im serv95.exe
    3⤵
    PID:2316
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sfc.exe
    3⤵
    PID:1776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sh.exe
    3⤵
    PID:1880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sharedaccess.exe
    3⤵
    PID:2296
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im shn.exe
    3⤵
    PID:740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im smc.exe
    3⤵
    PID:2044
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sofi.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophos.exe
    3⤵
    PID:1416
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophos_av.exe
    3⤵
    PID:2444
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophosav.exe
    3⤵
    PID:1908
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spf.exe
    3⤵
    PID:620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sphinx.exe
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spy.exe
    3⤵
    PID:284
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spygate.exe
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spyx.exe
    3⤵
    PID:3040
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spyxx.exe
    3⤵
    PID:2872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im srwatch.exe
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ss3edit.exe
    3⤵
    PID:2572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im st2.exe
    3⤵
    PID:2832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supftrl.exe
    3⤵
    - Kills process with taskkill
    PID:2820
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supp95.exe
    3⤵
    PID:3004
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supporter5.exe
    3⤵
    PID:2828
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweep95.exe
    3⤵
    PID:2696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepnet.exe
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepsrv.sys.exe
    3⤵
    PID:2148
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepsrv.sysvshwin32.exe
    3⤵
    PID:2400
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im swnetsup.exe
    3⤵
    PID:1812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symantec.exe
    3⤵
    PID:1548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Symantec Core LC.exe
    3⤵
    PID:2864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symlcsvc.exe
    3⤵
    PID:2888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symproxysvc.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symtray.exe
    3⤵
    PID:1160
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sysedit.exe
    3⤵
    PID:2288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmon.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2284
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taumon.exe
    3⤵
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tauscan.exe
    3⤵
    PID:1052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tbscan.exe
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tcm.exe
    3⤵
    PID:1332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tctca.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds -3.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds2 -98.exe
    3⤵
    PID:1708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds2 -nt.exe
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tfak.exe
    3⤵
    PID:2604
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tfak5.exe
    3⤵
    PID:2352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tgbob.exe
    3⤵
    PID:2168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trendmicro.exe
    3⤵
    PID:1860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trjscan.exe
    3⤵
    PID:932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trojantrap3.exe
    3⤵
    PID:840
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im TrueVector.exe
    3⤵
    PID:896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im undoboot.exe
    3⤵
    PID:2496
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im update.exe
    3⤵
    PID:2376
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbcmserv.exe
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbcons.exe
    3⤵
    PID:1912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbust.exe
    3⤵
    PID:1652
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbwin9x.exe
    3⤵
    PID:992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbwinntw.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vccmserv.exe
    3⤵
    PID:2292
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vcontrol.exe
    3⤵
    PID:2492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vet32.exe
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vet95.exe
    3⤵
    PID:1916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vettray.exe
    3⤵
    PID:1888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vir -help.exe
    3⤵
    PID:2420
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im virus.exe
    3⤵
    PID:3052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im virusmdpersonalfirewall.exe
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vnlan300.exe
    3⤵
    PID:1584
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vnpc3000.exe
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vpc32.exe
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vpfw30s.exe
    3⤵
    PID:3040
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vptray.exe
    3⤵
    PID:2692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vscan40.exe
    3⤵
    PID:2836
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsched.exe
    3⤵
    PID:2804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsecomr.exe
    3⤵
    PID:2800
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vshwin32.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vshwin32vbcmserv.exe
    3⤵
    PID:2724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsmain.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2688
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsmon.exe
    3⤵
    PID:2740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsstat.exe
    3⤵
    - Kills process with taskkill
    PID:2620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vswin9xe.exe
    3⤵
    PID:2148
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vswinntse.exe
    3⤵
    PID:2400
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im w9x.exe
    3⤵
    PID:1812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im watchdog.exe
    3⤵
    PID:2600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im webscanx.exe
    3⤵
    PID:2652
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im webtrap.exe
    3⤵
    PID:2788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wfindv32.exe
    3⤵
    - Kills process with taskkill
    PID:808
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wgfe95.exe
    3⤵
    PID:664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im whoswatchingme.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wimmun32.exe
    3⤵
    PID:2972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im winrecon.exe
    3⤵
    PID:2968
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im winroute.exe
    3⤵
    PID:1904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im winsfcm.exe
    3⤵
    PID:1348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wnt.exe
    3⤵
    PID:548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wqkmm3878.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wradmin.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wrctrl.exe
    3⤵
    PID:1136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wsbgate.exe
    3⤵
    PID:2204
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im wyvernworksfirewall.exe
    3⤵
    PID:280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zapro.exe
    3⤵
    PID:2080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zatutor.exe
    3⤵
    PID:1356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zauinst.exe
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zonealarm.exe
    3⤵
    PID:1084
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32krn.exe
    3⤵
    - Kills process with taskkill
    PID:2508
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32.exe
    3⤵
    PID:2180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kav.exe
    3⤵
    PID:1728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavmm.exe
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgemc.exe
    3⤵
    PID:1880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgcc.exe
    3⤵
    PID:2296
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgamsvr.exe
    3⤵
    PID:740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgupsvc.exe
    3⤵
    PID:2280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgw.exe
    3⤵
    PID:2396
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashwebsv.exe
    3⤵
    PID:804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashdisp.exe
    3⤵
    PID:1760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashmaisv.exe
    3⤵
    PID:2420
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashserv.exe
    3⤵
    PID:980
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ashwebsv.exe
    3⤵
    PID:2120
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im aswupdsv.exe
    3⤵
    PID:2632
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ewidoctrl.exe
    3⤵
    PID:2552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guard.exe
    3⤵
    PID:1704
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gcasdtserv.exe
    3⤵
    PID:2308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msmpeng.exe
    3⤵
    PID:2812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcafee.exe
    3⤵
    PID:2700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghml.exe
    3⤵
    PID:2844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msiexec.exe
    3⤵
    PID:2664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im outpost.exe
    3⤵
    PID:1892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im isafe.exe
    3⤵
    PID:2540
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im minilog.exe
    3⤵
    PID:2608
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zonealarm.exe
    3⤵
    PID:1784
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im zlclient.exe
    3⤵
    PID:2548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im updclient.exe
    3⤵
    PID:2784
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccapp.exe
    3⤵
    PID:844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navw32.exe
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton.exe
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navapsvc.exe
    3⤵
    PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccsetmgr.exe
    3⤵
    PID:1180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cccproxy.exe
    3⤵
    PID:2616
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccapp.exe
    3⤵
    PID:2716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccevtmgr.exe
    3⤵
    PID:2964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfmntor.exe
    3⤵
    PID:3068
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im logexprt.exe
    3⤵
    PID:2092
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisum.exe
    3⤵
    PID:2648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im issvc.exe
    3⤵
    PID:1832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpdclnt.exe
    3⤵
    PID:2752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavprsrv.exe
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavprot.exe
    3⤵
    PID:1644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avengine.exe
    3⤵
    PID:3028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apvxdwin.exe
    3⤵
    PID:2136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im webproxy.exe
    3⤵
    PID:2184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avguard.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgnt.exe
    3⤵
    PID:600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im shed.exe
    3⤵
    PID:2240
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsched32.exe
    3⤵
    PID:2056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sccomm.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spiderml.exe
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sgmain.exe
    3⤵
    PID:1924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spywareguard.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1772
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kpf4gui.exe
    3⤵
    PID:864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kpf4ss.exe
    3⤵
    PID:1652
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcdash.exe
    3⤵
    PID:1168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcdetect.exe
    3⤵
    PID:2024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcregwiz.exe
    3⤵
    PID:2432
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcinfo.exe
    3⤵
    - Kills process with taskkill
    PID:1752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghtml.exe
    3⤵
    PID:2500
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im oasclnt.exe
    3⤵
    PID:1744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfagent.exe
    3⤵
    PID:2460
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfconsole.exe
    3⤵
    PID:780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfservice.exe
    3⤵
    PID:980
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpftray.exe
    3⤵
    PID:2120
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfwizard.exe
    3⤵
    PID:2632
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mvtx.exe
    3⤵
    PID:2552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avp32.exe
    3⤵
    PID:1704
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avpcc.exe
    3⤵
    PID:2308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im _avpm.exe
    3⤵
    PID:2836
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ackwin32.exe
    3⤵
    PID:924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im advxdwin.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im agentsvr.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im agv.exe
    3⤵
    PID:2724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ahnsd.exe
    3⤵
    PID:2672
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im alertsvc.exe
    3⤵
    PID:2696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im alogserv.exe
    3⤵
    PID:2620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amon.exe
    3⤵
    - Kills process with taskkill
    PID:2148
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amon9x.exe
    3⤵
    PID:2400
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im amonavp32.exe
    3⤵
    PID:1812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im anti -trojan.exe
    3⤵
    PID:2600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antivir.exe
    3⤵
    PID:2088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antivirus.exe
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ants.exe
    3⤵
    PID:1096
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im antssircam.exe
    3⤵
    PID:2896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apimonitor.exe
    3⤵
    PID:1824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im aplica32.exe
    3⤵
    PID:2936
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im apvxdwin.exe
    3⤵
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atcon.exe
    3⤵
    PID:1364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atguard.exe
    3⤵
    PID:536
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ats.exe
    3⤵
    PID:1832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atscan.exe
    3⤵
    PID:2752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atupdater.exe
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im atwatch.exe
    3⤵
    PID:2232
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autodown.exe
    3⤵
    PID:3028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autotrace.exe
    3⤵
    PID:2136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im autoupdate.exe
    3⤵
    PID:2184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avconsol.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ave32.exe
    3⤵
    PID:600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgcc32.exe
    3⤵
    PID:2240
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgctrl.exe
    3⤵
    PID:2056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv.exe
    3⤵
    PID:572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv9.exe
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgserv9schedapp.exe
    3⤵
    PID:1088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avgw.exe
    3⤵
    PID:2456
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkpop.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkserv.exe
    3⤵
    PID:1036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkservice.exe
    3⤵
    PID:1880
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkwcl9.exe
    3⤵
    PID:2464
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avkwctl9.exe
    3⤵
    PID:2024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avnt.exe
    3⤵
    PID:2432
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avp.exe
    3⤵
    PID:1916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avp32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpcc.exe
    3⤵
    PID:1000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im AVPCC Service.exe
    3⤵
    PID:3052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpccavpm.exe
    3⤵
    PID:3056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpdos32.exe
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpexec.exe
    3⤵
    PID:2860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpinst.exe
    3⤵
    PID:2744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpm.exe
    3⤵
    PID:2036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpmonitor.exe
    3⤵
    - Kills process with taskkill
    PID:2108
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avptc.exe
    3⤵
    PID:2300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avptc32.exe
    3⤵
    PID:2852
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpupd.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avpupdates.exe
    3⤵
    PID:2268
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avrescue.exe
    3⤵
    PID:2664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsched32.exe
    3⤵
    PID:2624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avsynmgr.exe
    3⤵
    PID:1796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwin95.exe
    3⤵
    PID:2740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwinnt.exe
    3⤵
    - Kills process with taskkill
    PID:1720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avwupd32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxgui.exe
    3⤵
    PID:2892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxinit.exe
    3⤵
    PID:1900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxlive.exe
    3⤵
    PID:1156
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxmonitor9x.exe
    3⤵
    PID:2960
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxmonitornt.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2952
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxnews.exe
    3⤵
    PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxquar.exe
    3⤵
    - Kills process with taskkill
    PID:1180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxsch.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2616
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im avxw.exe
    3⤵
    PID:2716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im BACKLOG.exe
    3⤵
    PID:2964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bd_professional.exe
    3⤵
    PID:2424
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bidef.exe
    3⤵
    PID:1100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bidserver.exe
    3⤵
    PID:2152
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bipcp.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bisp.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackd.exe
    3⤵
    PID:2348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackice.exe
    3⤵
    PID:1028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im blackiceblackd.exe
    3⤵
    - Kills process with taskkill
    PID:2100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im BootWarn.exe
    3⤵
    PID:2440
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im borg2.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3016
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bs120.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im bullguard.exe
    3⤵
    PID:2080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccApp.exe
    3⤵
    PID:1356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccevtmgr.exe
    3⤵
    PID:1600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccIMScan.exe
    3⤵
    PID:744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccPwdSrc.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2508
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccpxysvc.exe
    3⤵
    PID:2180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ccSetMgr.exe
    3⤵
    PID:1728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cdp.exe
    3⤵
    PID:1664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfiadmin.exe
    3⤵
    PID:2928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfiaudit.exe
    3⤵
    PID:2028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfinet.exe
    3⤵
    PID:2324
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cfinet32.exe
    3⤵
    PID:2492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im claw95.exe
    3⤵
    PID:2396
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im claw95cf.exe
    3⤵
    PID:1760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im clean.exe
    3⤵
    PID:892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleaner.exe
    3⤵
    - Kills process with taskkill
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleaner3.exe
    3⤵
    PID:740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cleanpc.exe
    3⤵
    PID:2064
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cmgrdian.exe
    3⤵
    PID:1820
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cmon016.exe
    3⤵
    PID:2812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im codered.exe
    3⤵
    PID:2308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im connectionmonitor.exe
    3⤵
    PID:2816
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im conseal.exe
    3⤵
    PID:3048
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpd.exe
    3⤵
    PID:2132
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im cpf9x206.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ctrl.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defalert.exe
    3⤵
    PID:2608
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defence.exe
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defense.exe
    3⤵
    PID:1856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defscangui.exe
    3⤵
    PID:2620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im defwatch.exe
    3⤵
    - Kills process with taskkill
    PID:2148
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im deputy.exe
    3⤵
    PID:1548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im doors.exe
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dpf.exe
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im drwatson.exe
    3⤵
    PID:2788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im drweb32.exe
    3⤵
    PID:1160
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dvp95.exe
    3⤵
    PID:2944
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im dvp95_0.exe
    3⤵
    - Kills process with taskkill
    PID:1676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ecengine.exe
    3⤵
    PID:2612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im edisk.exe
    3⤵
    PID:2716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im efpeadm.exe
    3⤵
    PID:2964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im esafe.exe
    3⤵
    PID:2424
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanh95.exe
    3⤵
    PID:1100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanhnt.exe
    3⤵
    PID:2152
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im escanv95.exe
    3⤵
    PID:2776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im espwatch.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im etrustcipe.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im evpn.exe
    3⤵
    PID:552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im exantivirus -cnet.exe
    3⤵
    PID:1904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fameh32.exe
    3⤵
    PID:2136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fast.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fch32.exe
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fih32.exe
    3⤵
    PID:696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im findviru.exe
    3⤵
    PID:352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im firewall.exe
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fix-it.exe
    3⤵
    PID:572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im flowprotector.exe
    3⤵
    PID:904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fnrb32.exe
    3⤵
    PID:864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fp -win.exe
    3⤵
    PID:1404
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fp -win_trial.exe
    3⤵
    PID:1728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fprot.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im frw.exe
    3⤵
    PID:1036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsaa.exe
    3⤵
    PID:2520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsav32.exe
    3⤵
    PID:288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsav95.exe
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsave32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2408
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsgk32.exe
    3⤵
    - Kills process with taskkill
    PID:960
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsm32.exe
    3⤵
    PID:3056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsma32.exe
    3⤵
    PID:1516
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fsmb32.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im fwenc.exe
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gbmenu.exe
    3⤵
    - Kills process with taskkill
    PID:1592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gbpoll.exe
    3⤵
    PID:1208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im gedit.exe
    3⤵
    PID:2640
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im generics.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2712
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im grief3878.exe
    3⤵
    PID:2572
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guard.exe
    3⤵
    PID:1872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im guarddog.exe
    3⤵
    PID:2664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im HackerEliminator.exe
    3⤵
    PID:1892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamapp.exe
    3⤵
    PID:2540
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamserv.exe
    3⤵
    PID:2740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iamstats.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1720
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ibmasn.exe
    3⤵
    PID:2592
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ibmavsp.exe
    3⤵
    PID:1896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icload95.exe
    3⤵
    PID:844
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icloadnt.exe
    3⤵
    PID:2276
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icmon.exe
    3⤵
    PID:2960
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icsupp95.exe
    3⤵
    PID:2088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im icsuppnt.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iface.exe
    3⤵
    - Kills process with taskkill
    PID:1180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ifw2000.exe
    3⤵
    PID:1808
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im inoculateit.exe
    3⤵
    PID:2924
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iomon98.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2936
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iparmor.exe
    3⤵
    PID:584
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im iris.exe
    3⤵
    PID:2092
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im isrv95.exe
    3⤵
    PID:1348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im jammer.exe
    3⤵
    PID:548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im jedi.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavpf.exe
    3⤵
    PID:1644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldnetmon.exe
    3⤵
    PID:1028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldpromenu.exe
    3⤵
    PID:2100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ldscan.exe
    3⤵
    PID:912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im localnet.exe
    3⤵
    - Kills process with taskkill
    PID:2168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lockdown.exe
    3⤵
    PID:2372
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lookout.exe
    3⤵
    PID:932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im luall.exe
    3⤵
    - Kills process with taskkill
    PID:1280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im lucomserver.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im luspt.exe
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcafee.exe
    3⤵
    PID:964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcagent.exe
    3⤵
    PID:2332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcmnhdlr.exe
    3⤵
    - Kills process with taskkill
    PID:1776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcshield.exe
    3⤵
    PID:1728
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcshieldvvstat.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mctool.exe
    3⤵
    PID:1036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcupdate.exe
    3⤵
    PID:2520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcvsrte.exe
    3⤵
    PID:288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mcvsshld.exe
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgavrtcl.exe
    3⤵
    PID:2684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgavrte.exe
    3⤵
    PID:2452
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mghtml.exe
    3⤵
    - Kills process with taskkill
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mgui.exe
    3⤵
    PID:2744
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im minilog.exe
    3⤵
    PID:2036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mon.exe
    3⤵
    PID:1820
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monitor.exe
    3⤵
    PID:2300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monsys32.exe
    3⤵
    PID:2308
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im monsysnt.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im moolive.exe
    3⤵
    PID:2800
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpfservice.exe
    3⤵
    - Kills process with taskkill
    PID:2832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mpftray.exe
    3⤵
    PID:884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mrflux.exe
    3⤵
    PID:1884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im msinfo32.exe
    3⤵
    PID:2708
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mwatch.exe
    3⤵
    PID:2560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im mxtask.exe
    3⤵
    PID:1856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im n32scanw.exe
    3⤵
    PID:2892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nav.exe
    3⤵
    PID:1900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im NAV DefAlert.exe
    3⤵
    PID:1548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nav32.exe
    3⤵
    PID:1268
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navalert.exe
    3⤵
    PID:2020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navap.exe
    3⤵
    PID:2600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navapsvc.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im NAVAPW32.exe
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navauto -protect.exe
    3⤵
    PID:664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navdx.exe
    3⤵
    PID:2932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navengnavex15.exe
    3⤵
    PID:2616
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navlu32.exe
    3⤵
    PID:2288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navnt.exe
    3⤵
    PID:1052
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navrunr.exe
    3⤵
    PID:2964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navstub.exe
    3⤵
    PID:2424
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im navw32.exe
    3⤵
    PID:1100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Navwnt.exe
    3⤵
    PID:2384
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nc2000.exe
    3⤵
    PID:2172
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ndd32.exe
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im neomonitor.exe
    3⤵
    PID:3008
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im neowatchlog.exe
    3⤵
    PID:3028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im net2000.exe
    3⤵
    PID:1904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netarmor.exe
    3⤵
    PID:3016
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netcommando.exe
    3⤵
    PID:600
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netinfo.exe
    3⤵
    - Kills process with taskkill
    PID:1492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netmon.exe
    3⤵
    PID:896
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netpro.exe
    3⤵
    PID:1648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netprotect.exe
    3⤵
    PID:2376
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netscanpro.exe
    3⤵
    PID:1088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netspyhunter -1.2.exe
    3⤵
    PID:2180
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netstat.exe
    3⤵
    PID:904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netutils.exe
    3⤵
    PID:864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im netutils].exe
    3⤵
    PID:1764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nimda.exe
    3⤵
    PID:2928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisserv.exe
    3⤵
    PID:2028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisum.exe
    3⤵
    PID:2324
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nisumnisservnisum.exe
    3⤵
    PID:1692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nmain.exe
    3⤵
    PID:1184
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nod32.exe
    3⤵
    PID:2436
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman.exe
    3⤵
    PID:1780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman_32.exe
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman_av.exe
    3⤵
    PID:2860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norman32.exe
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im normanav.exe
    3⤵
    PID:2996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im normist.exe
    3⤵
    PID:2736
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton.exe
    3⤵
    - Kills process with taskkill
    PID:2872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Norton Auto-Protect.exe
    3⤵
    PID:1628
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im norton_av.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nortonav.exe
    3⤵
    PID:3048
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im notstart.exe
    3⤵
    - Kills process with taskkill
    PID:2132
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfmessenger.exe
    3⤵
    PID:2624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfw.exe
    3⤵
    PID:1796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npfw32.exe
    3⤵
    PID:3004
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nprotect.exe
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npscheck.exe
    3⤵
    PID:1856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im npssvc.exe
    3⤵
    PID:2892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nresq32.exe
    3⤵
    PID:1900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nsched32.exe
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nschednt.exe
    3⤵
    PID:1156
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nsplugin.exe
    3⤵
    - Kills process with taskkill
    PID:2788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntrtscan.exe
    3⤵
    PID:2884
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntvdm.exe
    3⤵
    PID:808
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ntxconfig.exe
    3⤵
    PID:576
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nui.exe
    3⤵
    PID:2972
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nupgrade.exe
    3⤵
    - Kills process with taskkill
    PID:3068
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvarch16.exe
    3⤵
    PID:2588
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvc95.exe
    3⤵
    PID:584
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nvsvc32.exe
    3⤵
    PID:2856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nwservice.exe
    3⤵
    PID:320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im nwtool16.exe
    3⤵
    PID:1124
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im offguard.exe
    3⤵
    PID:1044
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im OPScan.exe
    3⤵
    PID:2232
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ostronet.exe
    3⤵
    PID:552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im outpost.exe
    3⤵
    PID:2100
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im padmin.exe
    3⤵
    PID:916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im panda.exe
    3⤵
    PID:2644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pandaav.exe
    3⤵
    PID:1380
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im panixk.exe
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pav.exe
    3⤵
    PID:848
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavcl.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavproxy.exe
    3⤵
    PID:2496
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavsched.exe
    3⤵
    PID:1696
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pavw.exe
    3⤵
    PID:2000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pc -cillan.exe
    3⤵
    PID:2312
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pc -cillin.exe
    3⤵
    PID:1664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccclient.exe
    3⤵
    PID:1776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccguide.exe
    3⤵
    PID:1652
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcciomon.exe
    3⤵
    PID:1368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccntmon.exe
    3⤵
    - Kills process with taskkill
    PID:2464
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccwin97.exe
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pccwin98.exe
    3⤵
    - Kills process with taskkill
    PID:3024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcfwallicon.exe
    3⤵
    PID:1920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pcscan.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im periscope.exe
    3⤵
    PID:1552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im persfw.exe
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pf2.exe
    3⤵
    PID:1580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pfwadmin.exe
    3⤵
    PID:2632
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pingscan.exe
    3⤵
    PID:2108
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im platin.exe
    3⤵
    PID:2988
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pop3trap.exe
    3⤵
    PID:2660
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im poproxy.exe
    3⤵
    PID:1712
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im portdetective.exe
    3⤵
    PID:2680
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im portmonitor.exe
    3⤵
    PID:3048
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ppinupdt.exe
    3⤵
    PID:2132
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pptbc.exe
    3⤵
    PID:2624
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ppvstop.exe
    3⤵
    PID:1796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im processmonitor.exe
    3⤵
    PID:3004
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im procexplorerv10#.exe
    3⤵
    PID:2544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im programauditor.exe
    3⤵
    PID:1856
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im proport.exe
    3⤵
    PID:2892
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im protectx.exe
    3⤵
    PID:1900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pspf.exe
    3⤵
    PID:2772
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im purge.exe
    3⤵
    PID:2276
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pview95.exe
    3⤵
    PID:2920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im pw32.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im qconsole.exe
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav.exe
    3⤵
    PID:1676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav7.exe
    3⤵
    PID:2272
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rav7win.exe
    3⤵
    PID:1824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im realmon.exe
    3⤵
    PID:1992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im regrun2.exe
    3⤵
    - Kills process with taskkill
    PID:2968
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rescue.exe
    3⤵
    PID:1364
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rrguard.exe
    3⤵
    PID:1524
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rshell.exe
    3⤵
    PID:1832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rtvscn95.exe
    3⤵
    PID:2388
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im rulaunch.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im safeweb.exe
    3⤵
    PID:1028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SAVscan.exe
    3⤵
    PID:2352
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sbserv.exe
    3⤵
    PID:1860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SBservice.exe
    3⤵
    PID:2168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan.exe
    3⤵
    PID:628
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan32.exe
    3⤵
    PID:932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scan95.exe
    3⤵
    PID:1280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scanpm.exe
    3⤵
    PID:1048
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im scrscan.exe
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sd.exe
    3⤵
    PID:1544
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im SENS.exe
    3⤵
    PID:1912
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im serv95.exe
    3⤵
    PID:1664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sfc.exe
    3⤵
    PID:1776
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sh.exe
    3⤵
    PID:1652
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sharedaccess.exe
    3⤵
    PID:1368
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im shn.exe
    3⤵
    PID:2464
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im smc.exe
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sofi.exe
    3⤵
    PID:2396
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophos.exe
    3⤵
    PID:2320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophos_av.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sophosav.exe
    3⤵
    PID:1552
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spf.exe
    3⤵
    PID:2428
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sphinx.exe
    3⤵
    PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spy.exe
    3⤵
    PID:2996
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spygate.exe
    3⤵
    PID:2280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spyx.exe
    3⤵
    PID:2692
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im spyxx.exe
    3⤵
    PID:1484
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im srwatch.exe
    3⤵
    PID:2068
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im ss3edit.exe
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im st2.exe
    3⤵
    PID:2676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supftrl.exe
    3⤵
    PID:2724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supp95.exe
    3⤵
    PID:2828
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im supporter5.exe
    3⤵
    PID:2656
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweep95.exe
    3⤵
    PID:2620
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepnet.exe
    3⤵
    PID:1464
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepsrv.sys.exe
    3⤵
    PID:1864
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sweepsrv.sysvshwin32.exe
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im swnetsup.exe
    3⤵
    PID:2020
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symantec.exe
    3⤵
    PID:2088
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Symantec Core LC.exe
    3⤵
    PID:2952
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symlcsvc.exe
    3⤵
    PID:2920
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symproxysvc.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im symtray.exe
    3⤵
    PID:2796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sysedit.exe
    3⤵
    PID:1676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmon.exe
    3⤵
    PID:2272
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taumon.exe
    3⤵
    PID:1824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tauscan.exe
    3⤵
    PID:1992
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tbscan.exe
    3⤵
    PID:2648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tcm.exe
    3⤵
    PID:1612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tctca.exe
    3⤵
    PID:1096
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds -3.exe
    3⤵
    PID:1832
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds2 -98.exe
    3⤵
    PID:1644
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tds2 -nt.exe
    3⤵
    PID:2752
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tfak.exe
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tfak5.exe
    3⤵
    PID:1136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im tgbob.exe
    3⤵
    PID:280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trendmicro.exe
    3⤵
    PID:1788
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trjscan.exe
    3⤵
    PID:1080
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im trojantrap3.exe
    3⤵
    PID:2240
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im TrueVector.exe
    3⤵
    PID:1356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im undoboot.exe
    3⤵
    PID:1648
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im update.exe
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbcmserv.exe
    3⤵
    PID:2508
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbcons.exe
    3⤵
    PID:1032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbust.exe
    3⤵
    PID:888
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbwin9x.exe
    3⤵
    PID:1792
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vbwinntw.exe
    3⤵
    PID:2208
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vccmserv.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vcontrol.exe
    3⤵
    PID:2028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vet32.exe
    3⤵
    PID:1756
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vet95.exe
    3⤵
    PID:288
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vettray.exe
    3⤵
    PID:3056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vir -help.exe
    3⤵
    PID:2436
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im virus.exe
    3⤵
    PID:1908
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im virusmdpersonalfirewall.exe
    3⤵
    PID:1780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vnlan300.exe
    3⤵
    PID:3040
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vnpc3000.exe
    3⤵
    - Kills process with taskkill
    PID:2328
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vpc32.exe
    3⤵
    PID:2300
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vpfw30s.exe
    3⤵
    PID:1716
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vptray.exe
    3⤵
    PID:2840
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vscan40.exe
    3⤵
    PID:2824
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im vsched.exe
    3⤵
    PID:1060
- C:\Windows\crackerng488.exe
  "C:\Windows\crackerng488.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Windows\SysWOW64\28463\LOSM.exe
    "C:\Windows\system32\28463\LOSM.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2564
- - C:\Windows\SysWOW64\regedit.exe
    "regedit.exe" "C:\Users\Admin\AppData\Local\Temp\CRACK_NG_4.8.2.reg"
    3⤵
    - Loads dropped DLL
    - Runs .reg file with regedit
    PID:2088

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
1⤵
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CRACK_NG_4.8.2.reg

Filesize
24KB

MD5
8978623e9f4b85e742377d79ad53f0a8

SHA1
1db868e19cd4ff239c8b3cb9f84931a093fa6817

SHA256
149da912aa8e2067917f86d9e942eca0a0e09408b7c5ad83e6a0de77ebd20d1a

SHA512
de2e0f3571b21f1dfb56bc7cfb3d3d15fcb1440f586fe1d625d2136428238209ce93a3a5ad945abe271d9446aa9f67181cced9b585b94cda64a14c3847ca9663

Download Submit
C:\Windows\SysWOW64\28463\AKV.exe

Filesize
457KB

MD5
9541a795c17a4721ab78c1f70503c5e2

SHA1
cd9d0803946b3a667eb78f5e54135afe3bd48c92

SHA256
959c36c7f96fd91cdfa2c383b98f57d57ced65a191d1972a8d0c1647c987522f

SHA512
08d824199e941bb7ce7ae2d3607efaca9a4cc3e64f227f0df8d3f395a827552d44f8ca6936f5ec7fb9c56aa73531b85825ac0242e01fcbff342add52cb1c6a73

Download Submit
C:\Windows\SysWOW64\28463\LOSM.001

Filesize
424B

MD5
704a804683645a308df7afe3b27016d1

SHA1
5c02fc5d1ba656c641b76ae3a4e279ea9e5e46da

SHA256
2b75b7a2f38d0f5dcaadcfa324743e90b4a2a4749f01aa7b2c96c7b6b0f12827

SHA512
88346caed5d8e2202aac83c0d03f9c9ba28eebdb8335103b9cfa168ab6e8bc7c67ed62db7ccc692d9b4480874689ce7a21034564cf89c4daea0026320ece183e

Download Submit
C:\Windows\SysWOW64\28463\LOSM.006

Filesize
8KB

MD5
700b38a2436cc970f6fce66052b49440

SHA1
5517dd5f52130da84ca0c51e5196f879ec03e032

SHA256
530c2a4775a7bc65defbc42b677e25debdba0ed9cd889103e8da3d6971937e43

SHA512
3f35a2a321a6c5a3afe886d97aefcf90bf84162204dc568655352f22ff06d9bdc0e48db4d9aebad0f1b9701dd258821d51a5760e3254e3c216a2cd0399ceca19

Download Submit
C:\Windows\SysWOW64\28463\LOSM.007

Filesize
5KB

MD5
fe36b634de34cc0dffac14affda16947

SHA1
c4c7fead2391fa9ecac96f5b59bab1ccfa3a8c20

SHA256
c226f64becf1c51ccaa1765e23a6701966e89862f3103b32557f06fb829a1d82

SHA512
4ff13fef053b14aa3054c51a960f72a75f9128877cc4c79dc289a091d048b23cf8d7a2962a989efc4aa5082090be911a6cfdb25de0e4c2eaadd2a31a16143f85

Download Submit
C:\Windows\SysWOW64\28463\key.bin

Filesize
105B

MD5
27c90d4d9b049f4cd00f32ed1d2e5baf

SHA1
338a3ea8f1e929d8916ece9b6e91e697eb562550

SHA256
172d6f21165fb3ca925e5b000451fd8946920206f7438018c28b158b90cf5ffb

SHA512
d73dadb3cf74c647ce5bad5b87d3fb42a212defcba8afb8cf962020b61a0369c0a2b1005797583daf1f1ae88b29b7288bc544a53d643f3519cf604aa0ffd6dae

Download Submit
C:\Windows\crackerng488.exe

Filesize
812KB

MD5
f46cfac831ef32d4af2be13113ec8012

SHA1
8d371575df6afebbaa186034444d9916265925fa

SHA256
ac4db48601a087e75468a011b27e3dfe702d3c8a342c73b8d6842e89034a6bb1

SHA512
11d2a463743197230a330ac31896ba4c57b1a8c7fa6282b2df03985e27aa38eb85a99d908fff00f464edc570b1df706bd8abaaa847d659c70cae859a5fcf5642

Download Submit
C:\Windows\super_kill.bat

Filesize
85KB

MD5
60e3467920f4c89f515c2f2b86653139

SHA1
0f2b17ecb71b2c69302b757db86426c7cc1aa597

SHA256
32b63b45f2bffcafe822485019e0610fc189740c8791b8ee5b19da30d6807d63

SHA512
46eed8c23398805bbd67282fe2404c960cb6117d667646a35be3ce3e3ad81789670b1a541c4814bc36c470e663c26d93baf77aaea68cb0a891c013e08452672d

Download Submit
\Users\Admin\AppData\Local\Temp\@F086.tmp

Filesize
4KB

MD5
213cd80ec887a3a0a995d6f3f4989b7e

SHA1
67552f164cd92c5a8dd760bdfdea25da8a552f48

SHA256
4cfb72ae33817890fc6979f2ba4258f59c01eaa4dec50ee8dc58ce95dc7c40a9

SHA512
40d7782b17168f5e00d735c3eaa83df5e1e976664d9182ee6f3408bf284a878dcfb514b7c0c14842c988511e29a806f19fb9f1fab1addb0b49b3e1017e7efc88

Download Submit
\Windows\SysWOW64\28463\LOSM.exe

Filesize
647KB

MD5
d2a3e3bdc583c5a93323c3ce8ca8759e

SHA1
01084b3c016dd46cf83cfdb862d2ac7a4b0df832

SHA256
697b14a4a7cf6175e22103b29d4a7c430f3db6fe687f8dd9c8494ffe3ecbc16b

SHA512
c2dbbc0105c0fcceac89a6a0da06ad2c00fb205c7cac9b16a4874c5b2fc742aba0e750d9d8e153978260b3c2c01ce8978bd1ff448c593b2e75e2216c01b160a6

Download Submit
memory/2564-40-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2564-39-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2564-56-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2564-62-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2740-32-0x00000000028E0000-0x00000000029BF000-memory.dmp

Filesize
892KB

Download
memory/2856-0-0x0000000000400000-0x0000000000653000-memory.dmp

Filesize
2.3MB

Download
memory/2856-22-0x0000000000400000-0x0000000000653000-memory.dmp

Filesize
2.3MB

Download
memory/2856-3-0x0000000000400000-0x0000000000653000-memory.dmp

Filesize
2.3MB

Download
memory/2856-2-0x0000000000401000-0x0000000000404000-memory.dmp

Filesize
12KB

Download
memory/2856-55-0x0000000000400000-0x0000000000653000-memory.dmp

Filesize
2.3MB

Download