09c91862d6e40c74f6edc233440b5f691d498ede6fb00bb43d309ca24e4e67b9

Analysis

max time kernel
338s
max time network
745s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12-11-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
Size

17.0MB
MD5

66a5f61f37f3591291b3e722e38f7541
SHA1

50e2cda0a2ca8e60358f5dd3892d0c36f383f919
SHA256

b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f
SHA512

2428bcfac5e6ca5679ecc843faab346a1f7f6105543ea60422b86932365c0eb543d608349816947d4db1b1d09fa256b9d28912ec68bbef34683bf6f77096a85f
SSDEEP

393216:XdJGflJtgolQr+2jWHkWs24nqBHrtQipdLlQPP8QVHPD6N6/:NJklJtgVtg4nqDLW38qWNc

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe"	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe

Drops file in Windows directory 12 IoCs

Processes:

b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe

description	ioc	process
File created	C:\Windows\7.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\x.bat	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\1.bat	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\2.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\3.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\4.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\5.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\1.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\6.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\12.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\ÍõÕßÈÙÒ«Ë¢µãÈ¯.vbs	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
File created	C:\Windows\ÖÐ¶¾ÉùÃ÷.txt	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

taskkill.exetaskkill.exePING.EXEtaskkill.exetaskkill.exeWScript.exeWScript.exetaskkill.exetaskkill.exetaskkill.exePING.EXEtaskkill.exetaskkill.exetaskkill.exeWScript.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exePING.EXEPING.EXEtaskkill.exetaskkill.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

Processes:

PING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXE

pid	process
13140
10376
15768
17272
17768
6488
9048
3424
2144	PING.EXE
892	PING.EXE
21012
23356
2592	PING.EXE
12168
13580
13728
12496
16516
2204	PING.EXE
9592
4304
21376
7224
5196
8672
7300
13864
12764
15060
20044
3784	PING.EXE
8388
13584
3704
11288
13060
7936
19752
9552
14688
18024
20424
20156
6592
6528
9788
22572
20136
16936
6052
9400
12124
3920
5092
11864
1876	PING.EXE
13180
21748
19664
5872
9088
14568
22168
9708

Kills process with taskkill 64 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
21576
4176	taskkill.exe
5560
9156
8172
10468
12908
11936
4776	taskkill.exe
6208
3132
2000	taskkill.exe
1688	taskkill.exe
6868
17648
15600
6804
11304
12676
9332
9988
17976
4760	taskkill.exe
6396
10136
17824
6232
10504
13800
22408
5340
6748
6932
6480
21292
6100
8104
4800
6308
16352
16140
15220
10416
11072
16548
18412
19764
18656
2536	taskkill.exe
1532	taskkill.exe
1404	taskkill.exe
8844
6464
9268
12488
12704
15076
21700
9460
1948
12280
13604
20404
22708

Runs net.exe

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

Processes:

PING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXE

pid	process
22572
892	PING.EXE
3424
12000
23060
19412
5536
17668
17472
14956
22856
3276	PING.EXE
7936
10476
12516
1876	PING.EXE
8732
13184
2832	PING.EXE
12544
960	PING.EXE
6924
19916
7116
8152
10560
7864
11924
2212	PING.EXE
3864	PING.EXE
3456
22952
15968
14544
17728
18676
15520
17216
21344
18024
6488
9764
11560
5012	PING.EXE
9564
19044
3348
14568
18636
21084
9484
13800
17792
14152
18324
11120
13380
18088
17648
4060
8108
11352
5124
7980

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

cmd.exe

pid process

2664 cmd.exe

pid	process
2664	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEtaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	pid	process
Token: 33	952	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	952	AUDIODG.EXE
Token: 33	952	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	952	AUDIODG.EXE
Token: SeDebugPrivilege	436	taskkill.exe
Token: SeDebugPrivilege	1388	taskkill.exe
Token: SeDebugPrivilege	1832	taskkill.exe
Token: SeDebugPrivilege	1908	taskkill.exe
Token: SeDebugPrivilege	820	taskkill.exe
Token: SeDebugPrivilege	2232	taskkill.exe
Token: SeDebugPrivilege	2844	taskkill.exe
Token: SeDebugPrivilege	2416	taskkill.exe
Token: SeDebugPrivilege	2452	taskkill.exe
Token: SeDebugPrivilege	2316	taskkill.exe
Token: SeDebugPrivilege	2228	taskkill.exe
Token: SeDebugPrivilege	1572	taskkill.exe
Token: SeDebugPrivilege	1716	taskkill.exe
Token: SeDebugPrivilege	2216	taskkill.exe
Token: SeDebugPrivilege	2000	taskkill.exe
Token: SeDebugPrivilege	2020	taskkill.exe
Token: SeDebugPrivilege	1292	taskkill.exe
Token: SeDebugPrivilege	1792	taskkill.exe
Token: SeDebugPrivilege	804	taskkill.exe
Token: SeDebugPrivilege	1728	taskkill.exe
Token: SeDebugPrivilege	2284	taskkill.exe
Token: SeDebugPrivilege	2540	taskkill.exe
Token: SeDebugPrivilege	1476	taskkill.exe
Token: SeDebugPrivilege	2792	taskkill.exe
Token: SeDebugPrivilege	2800	taskkill.exe
Token: SeDebugPrivilege	2784	taskkill.exe
Token: SeDebugPrivilege	1836	taskkill.exe
Token: SeDebugPrivilege	1080	taskkill.exe
Token: SeDebugPrivilege	2116	taskkill.exe
Token: SeDebugPrivilege	1992	taskkill.exe
Token: SeDebugPrivilege	2648	taskkill.exe
Token: SeDebugPrivilege	1300	taskkill.exe
Token: SeDebugPrivilege	1776	taskkill.exe
Token: SeDebugPrivilege	2464	taskkill.exe
Token: SeDebugPrivilege	2568	taskkill.exe
Token: SeDebugPrivilege	1684	taskkill.exe
Token: SeDebugPrivilege	2564	taskkill.exe
Token: SeDebugPrivilege	280	taskkill.exe
Token: SeDebugPrivilege	1712	taskkill.exe
Token: SeDebugPrivilege	1440	taskkill.exe
Token: SeDebugPrivilege	316	taskkill.exe
Token: SeDebugPrivilege	1816	taskkill.exe
Token: SeDebugPrivilege	3040	taskkill.exe
Token: SeDebugPrivilege	1876	taskkill.exe
Token: SeDebugPrivilege	1584	taskkill.exe
Token: SeDebugPrivilege	1580	taskkill.exe
Token: SeDebugPrivilege	1744	taskkill.exe
Token: SeDebugPrivilege	2272	taskkill.exe
Token: SeDebugPrivilege	1792	taskkill.exe
Token: SeDebugPrivilege	804	taskkill.exe
Token: SeDebugPrivilege	2776	taskkill.exe
Token: SeDebugPrivilege	2908	taskkill.exe
Token: SeDebugPrivilege	2676	taskkill.exe
Token: SeDebugPrivilege	2420	taskkill.exe
Token: SeDebugPrivilege	2604	taskkill.exe
Token: SeDebugPrivilege	2828	taskkill.exe
Token: SeDebugPrivilege	2092	taskkill.exe
Token: SeDebugPrivilege	1656	taskkill.exe
Token: SeDebugPrivilege	2992	taskkill.exe
Token: SeDebugPrivilege	2100	taskkill.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe

pid	process
2396	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
2396	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exeWScript.execmd.exeWScript.execmd.execmd.exenet.execmd.exe

description	pid	process	target process
PID 2396 wrote to memory of 2816	2396	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe	WScript.exe
PID 2396 wrote to memory of 2816	2396	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe	WScript.exe
PID 2396 wrote to memory of 2816	2396	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe	WScript.exe
PID 2396 wrote to memory of 2816	2396	b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe	WScript.exe
PID 2816 wrote to memory of 2868	2816	WScript.exe	cmd.exe
PID 2816 wrote to memory of 2868	2816	WScript.exe	cmd.exe
PID 2816 wrote to memory of 2868	2816	WScript.exe	cmd.exe
PID 2816 wrote to memory of 2868	2816	WScript.exe	cmd.exe
PID 2868 wrote to memory of 2068	2868	cmd.exe	WScript.exe
PID 2868 wrote to memory of 2068	2868	cmd.exe	WScript.exe
PID 2868 wrote to memory of 2068	2868	cmd.exe	WScript.exe
PID 2868 wrote to memory of 2068	2868	cmd.exe	WScript.exe
PID 2068 wrote to memory of 1920	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 1920	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 1920	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 1920	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2664	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2664	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2664	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2664	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2732	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2732	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2732	2068	WScript.exe	cmd.exe
PID 2068 wrote to memory of 2732	2068	WScript.exe	cmd.exe
PID 1920 wrote to memory of 436	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 436	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 436	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 436	1920	cmd.exe	taskkill.exe
PID 2068 wrote to memory of 1388	2068	WScript.exe	taskkill.exe
PID 2068 wrote to memory of 1388	2068	WScript.exe	taskkill.exe
PID 2068 wrote to memory of 1388	2068	WScript.exe	taskkill.exe
PID 2068 wrote to memory of 1388	2068	WScript.exe	taskkill.exe
PID 2664 wrote to memory of 1884	2664	cmd.exe	net.exe
PID 2664 wrote to memory of 1884	2664	cmd.exe	net.exe
PID 2664 wrote to memory of 1884	2664	cmd.exe	net.exe
PID 2664 wrote to memory of 1884	2664	cmd.exe	net.exe
PID 1884 wrote to memory of 1040	1884	net.exe	net1.exe
PID 1884 wrote to memory of 1040	1884	net.exe	net1.exe
PID 1884 wrote to memory of 1040	1884	net.exe	net1.exe
PID 1884 wrote to memory of 1040	1884	net.exe	net1.exe
PID 2732 wrote to memory of 2764	2732	cmd.exe	NOTEPAD.EXE
PID 2732 wrote to memory of 2764	2732	cmd.exe	NOTEPAD.EXE
PID 2732 wrote to memory of 2764	2732	cmd.exe	NOTEPAD.EXE
PID 2732 wrote to memory of 2764	2732	cmd.exe	NOTEPAD.EXE
PID 2664 wrote to memory of 2184	2664	cmd.exe	PING.EXE
PID 2664 wrote to memory of 2184	2664	cmd.exe	PING.EXE
PID 2664 wrote to memory of 2184	2664	cmd.exe	PING.EXE
PID 2664 wrote to memory of 2184	2664	cmd.exe	PING.EXE
PID 1920 wrote to memory of 1832	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 1832	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 1832	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 1832	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 1908	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 1908	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 1908	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 1908	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 820	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 820	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 820	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 820	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 2232	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 2232	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 2232	1920	cmd.exe	taskkill.exe
PID 1920 wrote to memory of 2232	1920	cmd.exe	taskkill.exe

C:\Users\Admin\AppData\Local\Temp\b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe
"C:\Users\Admin\AppData\Local\Temp\b2ec72de3543060f0f3af322c4f1caf2d65fa8ff56b5a93a5e8fa59c191d178f.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\ÍõÕßÈÙÒ«Ë¢µãÈ¯.vbs"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c 7.vbs
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\7.vbs"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2068
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c x.bat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1920
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1832
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1908
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:820
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2232
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2844
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2416
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2452
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2316
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2228
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1572
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1716
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2216
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2000
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1292
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2284
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2540
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1476
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2800
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2784
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1836
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2116
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1992
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2648
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1300
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2464
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2568
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1684
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2564
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:280
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1712
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1440
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:316
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1816
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1584
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1580
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1744
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2272
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2908
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2676
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2420
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2604
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2828
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2092
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1656
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2992
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2100
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2256
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3060
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:584
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2356
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2156
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1092
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2976
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:972
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2184
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2124
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:616
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1872
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:960
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1620
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1692
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2264
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2936
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2144
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2888
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1608
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2116
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2456
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3048
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2552
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2464
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2484
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2532
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1092
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1772
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:936
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2036
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1204
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2440
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1824
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2512
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1724
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2520
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2812
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2784
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1972
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2540
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1176
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:984
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1496
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2256
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2968
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2548
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2480
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1412
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1716
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:972
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2184
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2124
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1628
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1688
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:644
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2264
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2928
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2884
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2116
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2236
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2312
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1616
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1560
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1572
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2536
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2468
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:788
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:648
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1204
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2936
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1584
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2052
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2748
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2236
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2312
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1616
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2400
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2232
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1212
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1868
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2548
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1744
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1688
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2512
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2700
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:892
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1620
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2540
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2116
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1372
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1508
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1440
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1412
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2100
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:588
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2516
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2360
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2316
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1548
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:972
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1980
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2676
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2612
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1400
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2944
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:856
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        
        PID:2536
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1100
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2484
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2960
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1536
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1824
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2992
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2944
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:856
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:936
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2568
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2088
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2012
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2700
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2800
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2420
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1620
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2976
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2536
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1372
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:648
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:892
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1624
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1992
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1692
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:984
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2276
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2204
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3036
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2012
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:892
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2884
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1456
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:936
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:584
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2212
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2908
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2188
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:788
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1496
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2560
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2756
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2296
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3060
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        
        PID:1688
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3048
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1608
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2912
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1508
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2420
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1884
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1772
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1212
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2496
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2332
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:584
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2276
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3036
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:788
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1888
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2560
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2884
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2748
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1832
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1100
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2928
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2568
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2332
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:648
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2928
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1772
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2432
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1620
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2928
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1772
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2432
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1772
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1388
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2568
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2420
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2036
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2036
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2204
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2196
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2432
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:892
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2472
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:892
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2464
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2204
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1100
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2592
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3100
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3128
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3156
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3184
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3212
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3240
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3344
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3380
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3424
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3452
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3480
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3508
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3536
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3564
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3620
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3720
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3748
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3832
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3860
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3888
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3920
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4068
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3084
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2560
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3112
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3140
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3172
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3196
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3244
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3364
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3404
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3432
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3460
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3488
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3716
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3736
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3760
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3816
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3872
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3900
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3088
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3120
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3152
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3180
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3200
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3980
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3404
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3432
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3460
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3488
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3304
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3700
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3812
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3844
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3868
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3664
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4076
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3136
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3176
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3156
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3184
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3964
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2756
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3432
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3512
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3372
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3600
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3352
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3832
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3616
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3768
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4064
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3940
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3104
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3164
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3272
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4048
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3380
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3524
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3580
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3424
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3716
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3908
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3128
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3168
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3180
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3164
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3212
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4092
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3428
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3496
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3824
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3788
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3756
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1556
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3208
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3148
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3924
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4072
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4048
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3940
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3220
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3824
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3788
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3756
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3528
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3676
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3892
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4048
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3940
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3492
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2444
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3300
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3740
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3648
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3564
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3152
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2780
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3476
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2916
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2236
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3472
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2008
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3968
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3456
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3148
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2412
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2796
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4072
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3476
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2444
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2972
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3192
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3896
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3908
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3608
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1984
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3104
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        
        PID:1532
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3508
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3820
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2392
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2760
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2656
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4072
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3264
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3716
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2848
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2972
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2832
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3904
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3784
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4016
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3948
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1984
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3784
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2276
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3364
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3228
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3136
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3916
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2500
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3784
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1532
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3740
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4068
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2040
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3688
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4012
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3192
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3916
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2832
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2848
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3264
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1972
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3688
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2180
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2996
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3300
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2832
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3820
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2008
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2076
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3456
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2076
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3300
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4016
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4120
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4148
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        
        PID:4176
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4204
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4232
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4288
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4412
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4468
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4496
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4524
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4552
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4640
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4708
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4736
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4764
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4792
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4820
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4848
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4956
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5004
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5032
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5060
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5088
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5116
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4016
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4216
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4280
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4320
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4344
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4428
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4460
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4380
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4600
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4556
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4692
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        
        PID:4760
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4788
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4884
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4868
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5000
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5024
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5048
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5080
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5088
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4140
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4244
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4260
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4308
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4364
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4288
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4416
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4560
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4624
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4644
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4720
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4736
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4496
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        
        PID:4776
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4988
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5020
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4872
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5064
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5092
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4240
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2076
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4324
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4344
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4916
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4188
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4420
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4740
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4744
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4512
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4768
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3860
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5004
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4872
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4124
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5092
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1560
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4272
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4360
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4328
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4244
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4572
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4556
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4756
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4800
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4812
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5076
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5012
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4948
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3228
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3924
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5044
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4164
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3540
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4600
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4748
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        Kills process with taskkill
        
        PID:1404
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4548
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4652
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5060
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4132
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3728
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4320
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5096
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4196
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:588
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4600
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4488
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4548
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4652
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5052
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4876
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1292
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5096
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4196
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4436
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4244
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3004
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5032
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2600
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5008
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4136
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5060
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4132
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4164
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4288
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4636
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3744
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1560
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4136
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5060
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4848
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1292
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2004
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3540
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4344
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5048
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4584
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2760
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4496
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4188
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5104
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:2600
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:588
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:460
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1512
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5024
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5064
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4800
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4148
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4916
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4640
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4288
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3004
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4292
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4136
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4428
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4544
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1300
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:1980
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4124
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5104
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3396
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:5064
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4652
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3704
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4132
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4916
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3364
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:4188
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3192
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im taskmgr.exe /t
        6⤵
        
        PID:3920
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c 1.bat
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of WriteProcessMemory
        
        PID:2664
      - C:\Windows\SysWOW64\net.exe
        
        net user Admin 32796679
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1884
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 user Admin 32796679
        7⤵
        
        PID:1040
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2184
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2388
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        Runs ping.exe
        
        PID:960
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:1420
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2420
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2740
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1372
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2844
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2516
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:2104
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2284
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2288
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:2308
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:840
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2032
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1804
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:1124
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1536
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:1552
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2220
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2356
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1956
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:2324
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1872
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2640
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2756
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2220
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1100
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:616
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2448
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2364
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2972
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:280
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2548
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:1564
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1620
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2476
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1300
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:2508
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2012
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2428
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2144
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2784
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2168
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2432
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2116
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        Runs ping.exe
        
        PID:2212
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:3044
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2784
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:1792
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2204
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:2160
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:788
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2992
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2296
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2088
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2824
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:932
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1100
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2192
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1888
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:2800
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:1876
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2052
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:892
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2956
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1620
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:2012
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1972
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2912
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:2496
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2592
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:584
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2196
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2332
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1712
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:2904
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2592
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2112
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2448
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:2196
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2632
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:3292
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3300
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:3628
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3648
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:3952
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3976
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2472
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        Runs ping.exe
        
        PID:3276
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:3572
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3604
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:3932
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:3216
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3368
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:3536
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3732
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2136
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4092
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:3384
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3424
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:3816
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3204
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:3568
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:3672
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4064
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:3280
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3276
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:3652
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2040
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:3428
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3456
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:3208
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:3856
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3948
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:2624
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4092
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:3756
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3904
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2592
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3636
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:3872
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3136
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3364
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:3532
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2188
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3436
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:2392
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3964
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:1368
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        Runs ping.exe
        
        PID:3864
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2972
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3896
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:3508
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:2008
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:3964
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        Runs ping.exe
        
        PID:892
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:3436
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3228
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:2180
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3784
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:3136
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        Runs ping.exe
        
        PID:2832
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:3412
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:4608
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4628
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:4900
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4916
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:4160
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4148
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:4468
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4512
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4840
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:316
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4932
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:4472
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:4784
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:1292
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:3724
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3920
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:4560
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4624
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:5108
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:5036
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:4184
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4536
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:4960
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4832
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:4316
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4276
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:4780
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4496
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:4856
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4772
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:4360
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4552
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2632
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:4616
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4604
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:2412
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4240
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        System Location Discovery: System Language Discovery
        Runs ping.exe
        
        PID:5012
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:4140
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:3340
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4436
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\2.vbs"
        6⤵
        
        PID:5100
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:5060
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\3.vbs"
        6⤵
        
        PID:5004
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:5052
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\4.vbs"
        6⤵
        
        PID:4120
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3364
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\5.vbs"
        6⤵
        
        PID:1824
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:3944
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Windows\1.vbs"
        6⤵
        
        PID:2036
      - C:\Windows\SysWOW64\PING.EXE
        
        ping -n 2 127.0.0.1
        6⤵
        
        PID:4308
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ÖÐ¶¾ÉùÃ÷.txt
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2732
      - C:\Windows\SysWOW64\NOTEPAD.EXE
        
        "C:\Windows\system32\NOTEPAD.EXE" C:\Windows\ÖÐ¶¾ÉùÃ÷.txt
        6⤵
        
        PID:2764
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /im explorer.exe /f
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x45c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\1.bat

Filesize
251B

MD5
52834402d32b02df89635d3af7f08613

SHA1
e328c0655b33b69def8ac3cdecbf39adc2bbcee2

SHA256
23cd285ce7b5cfeeafd81002b39d23e4cd496db071b1724c5ab731204165b027

SHA512
ceb85d68b5a3a9c34ff060c0ea2b72e6b261f0b768726790cebaa9595ef69610eb44ebd47e004d3ef74cc106c9923be0ffd018f4d722b9fda382eb1fb6542c1d

Download Submit
C:\Windows\1.vbs

Filesize
37B

MD5
1f1f1bbeb866352ab56dfea17fdb1e7d

SHA1
7c78deeffeae5915d318b79403f81e5bc81e5d96

SHA256
58e36853e50cc2c5be0a7043b1ba3987bad655c496023a3b41a40150035af800

SHA512
0c80cabcfbe15be8142493a6db9abda0a49adbbbb3f8be8fe756694520f5f3fe7d8827fb1606b09b4e63cdb9d55e2b313ca9cddec47f8caf0489028a5221e96d

Download Submit
C:\Windows\2.vbs

Filesize
39B

MD5
562d897575093f1bc6f4a21b5efbb81f

SHA1
bb8e100b9eeb109a57db06799cb048330133a018

SHA256
27d9e7c968c1f880f5e08f514978799c136de8a5c53055dd078a030d7d711d57

SHA512
80a000d4ccec4e45499881ae0b0fb866e128f356f8292c89ddacdf01aa8f090978e6dba2ce22b0bcd6cf8d7428b0d8c038d14b3f86b0d02401018e884b77a0ba

Download Submit
C:\Windows\3.vbs

Filesize
39B

MD5
4a669d393eba6b9d254bad9e4aa48420

SHA1
81fafe0ab99a0d5080af118b3f789d4076474f58

SHA256
349440826116ccc5fc44a4d448f00178d8537190c8d7eaea0ff9dfdb740e29d4

SHA512
3527db2b5b7134c4b915029c4ac9bedc79b2476f7e3b021e929abf9143bdd594a853d545fbdcfb2a4d56bc0f099a54cbb95e5ea4cf048db4d379b3f0d0f97d50

Download Submit
C:\Windows\4.vbs

Filesize
39B

MD5
8f9de5316cb2fc2ead65815e1ce8f5f8

SHA1
c1452216f8f333cd95a7c31f7cbba3e7dbddd3dc

SHA256
ba75752c53109ac81eab1ed9b2f2f6b2f923c92b38d082f791c46849acbaee28

SHA512
f03b7ce48cef79d1c14905bcb8bcd646abdd66c19e6eafe83b2b710468dce3b614d3234d97453b918c575997d48bf7ccbdfe00d20c6cafab6ac363a76e7fc268

Download Submit
C:\Windows\5.vbs

Filesize
39B

MD5
87233116fca81b911a9f1c164b1af2c5

SHA1
11cee1d9e4971c9e55efd6ed7b98bc7299350cdf

SHA256
b87ecf5daf9708cfae782c5428cdcdfb73e3cc3293d50bcd6d259f93e680076f

SHA512
5080fc2b4a836a60ae0e4a9110a32e08e0c0ab72dc6b80eff0c68a59cf4fbdbd4e33793f859bc27e01a11bbf04c5f842b8d6aa594e16a596d1674a8f2d9c9963

Download Submit
C:\Windows\7.vbs

Filesize
643B

MD5
807d19d3883d01986587d84314714333

SHA1
2c1c520a29d64a2398079366e401cc2dc35f1e61

SHA256
3fe7cc37190c3e055a29780310543cf4da48f8e426c87ad780e7523a1a353ee6

SHA512
d652c02bbca6feed9ce064416e1261217900c8767153af4f8bbc05c6b350c9d38a7caed34bb2b6f2e99daf4d896f7a35086beb401fd7a8d49fa57aab892e2cb7

Download Submit
C:\Windows\x.bat

Filesize
33B

MD5
8a8fb02e7d894e10253c9f3cdab35ac7

SHA1
24d19a4effad601bbd75cdaa56d7bd0d31fe266f

SHA256
2216b8b79f2447528abf05150fc2ab516af3907753ebb44b788059469644a1b0

SHA512
2794a871adbd46301605983a7a7fb460ad859d060d1b10f4b155377eee6be771cd9a18e9ce6e9d9b542d24df34ede8eb98d9140b72eaec7a28588fa3e68efda7

Download Submit
C:\Windows\ÍõÕßÈÙÒ«Ë¢µãÈ¯.vbs

Filesize
71B

MD5
444949fed501c3eb0eabcc41183b3ccf

SHA1
c3321d08d71f16706553395b33381bc52db51775

SHA256
0d655eb0c272f1d163c165d35253b704e0e6bf76c1624266a21500364cefd33c

SHA512
7ed42efb7211754a2acb03240ddf8dd1156e7bf00bc06df4478f41b7eb9e7a559ff658c6c9aca2f9cff8c77412696fc493066d7ce14e88929b03ddced03351da

Download Submit
C:\Windows\ÖÐ¶¾ÉùÃ÷.txt

Filesize
431B

MD5
39657d443a4b1ae830e62ac42457640f

SHA1
48a89076b8917ab3ee1408fc940c8f9c32add9ac

SHA256
2da5be84a1800a50e5856ceadb04c1b1e066734bfcdd8367d297cf0d4c5c1a8e

SHA512
9ff32816b067425e1e1eb1620f449086aab623e8e464692ddf78784dfab73892dd820080f79661144207b932a364c23215673e9b6019f0306a7980bb9f53f3fc

Download Submit
memory/2664-1719-0x00000000028C0000-0x00000000029C0000-memory.dmp

Filesize
1024KB

Download
memory/2664-3639-0x00000000029E0000-0x0000000002AE0000-memory.dmp

Filesize
1024KB

Download
memory/2664-3647-0x0000000002980000-0x0000000002A80000-memory.dmp

Filesize
1024KB

Download