b6de429a7d506a032902b964a5ea0867da48e1bc6118cf03edbfe8289bcd2264

Analysis

max time kernel
1800s
max time network
1433s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-11-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

24.9MB
MD5

12d091ac76b2145e152b2ed739a4bc86
SHA1

9ce20bb24a00339053e8de0228d5f3e962cb5646
SHA256

b6de429a7d506a032902b964a5ea0867da48e1bc6118cf03edbfe8289bcd2264
SHA512

97ac6933f8f8c74fa9d69a43f0b240c74ce17e46cef44e00f5f63cf2b3e5f61d3ba5d21785e1d4f96a3fa338bcc1e49232f0ec40b522c0a98a3a0bfaaff85d59
SSDEEP

393216:GSzcSuVdw5fOaRnxHMEHqfvUHQlz8Cui841rQwG0QLvCGHPCcVH2AZTFKnjJ:GbPdDaRnxHMEHqUHR7E1kw5iaCtD+

Score

10^/10

discovery evasion execution ransomware

Malware Config

Signatures

Deletes NTFS Change Journal 2 TTPs 1 IoCs
The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
ransomware

Inhibit System Recovery
T1490

Data Destruction
T1485

Processes:

fsutil.exe

pid process

4220 fsutil.exe
Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

Processes:

loader.exeGamePanel.exe

pid process

4612 loader.exe
4612 loader.exe
4144 GamePanel.exe
4144 GamePanel.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

loader.exe

description pid process target process

PID 4612 set thread context of 4144 4612 loader.exe GamePanel.exe

pid	process
4220	fsutil.exe

pid	process
4612	loader.exe
4612	loader.exe
4144	GamePanel.exe
4144	GamePanel.exe

description	pid	process	target process
PID 4612 set thread context of 4144	4612	loader.exe	GamePanel.exe

Launches sc.exe 64 IoCs

Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid	process
4872	sc.exe
236
3144
4100
272
1664
2212	sc.exe
1396
2744
4524
3732
4128
1380
4008
2444	sc.exe
3012	sc.exe
4328
3604
4768	sc.exe
4772	sc.exe
3844
4368
1964
2360
2652
1660
1940
1012
4580
2088
388
3812
1392
3184
1608
3644
3884
2168
2664
2548
1012
4580
2128
4376
1076
4360
1216	sc.exe
780	sc.exe
1928	sc.exe
2972
2996
4784	sc.exe
3952
4364
980
2656
4884
3216
1948
4128
4152
3952	sc.exe
2248	sc.exe
1244	sc.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
discovery

Internet Connection Discovery
T1016.001

Processes:

cmd.exePING.EXE

pid process

4300 cmd.exe
4504 PING.EXE
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
discovery

System Time Discovery
T1124

Processes:

SystemSettingsAdminFlows.exe

pid process

2516 SystemSettingsAdminFlows.exe

pid	process
4300	cmd.exe
4504	PING.EXE

pid	process
2516	SystemSettingsAdminFlows.exe

Kills process with taskkill 64 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
5076	taskkill.exe
4116
1184
3656	taskkill.exe
2068
824	taskkill.exe
1668
3488
3712
760	taskkill.exe
1304
4728
4100
1348
4372
696
4664	taskkill.exe
5060
1088
1216
3400
1248
3252	taskkill.exe
3996	taskkill.exe
3028
2248
2428
64
64
1728
4600
1384	taskkill.exe
4728	taskkill.exe
3284	taskkill.exe
4112
5056
4168
4600	taskkill.exe
3936
1160
1016
2800
3800
1228
2240
1728
4824
2044
3724
4612
1464	taskkill.exe
3272
1216
1644	taskkill.exe
3720	taskkill.exe
4648	taskkill.exe
1800
1228
3056
980
4168
1536
536
2700

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4504 PING.EXE
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

loader.exeGamePanel.exe

pid process

4612 loader.exe
4612 loader.exe
4144 GamePanel.exe
4144 GamePanel.exe

pid	process
4504	PING.EXE

pid	process
4612	loader.exe
4612	loader.exe
4144	GamePanel.exe
4144	GamePanel.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

GamePanel.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	4144	GamePanel.exe
Token: SeTakeOwnershipPrivilege	4144	GamePanel.exe
Token: SeLoadDriverPrivilege	4144	GamePanel.exe
Token: SeShutdownPrivilege	4144	GamePanel.exe
Token: SeDebugPrivilege	1384	taskkill.exe
Token: SeDebugPrivilege	5048	taskkill.exe
Token: SeDebugPrivilege	2068	taskkill.exe
Token: SeDebugPrivilege	2368	taskkill.exe
Token: SeDebugPrivilege	1680	taskkill.exe
Token: SeDebugPrivilege	1576	taskkill.exe
Token: SeDebugPrivilege	3284	taskkill.exe
Token: SeDebugPrivilege	4440	taskkill.exe
Token: SeDebugPrivilege	4364	taskkill.exe
Token: SeDebugPrivilege	1552	taskkill.exe
Token: SeDebugPrivilege	240	taskkill.exe
Token: SeDebugPrivilege	3216	taskkill.exe
Token: SeDebugPrivilege	3016	taskkill.exe
Token: SeDebugPrivilege	2972	taskkill.exe
Token: SeDebugPrivilege	4612	taskkill.exe
Token: SeDebugPrivilege	560	taskkill.exe
Token: SeDebugPrivilege	4536	taskkill.exe
Token: SeDebugPrivilege	2912	taskkill.exe
Token: SeDebugPrivilege	1252	taskkill.exe
Token: SeDebugPrivilege	2844	taskkill.exe
Token: SeDebugPrivilege	1740	taskkill.exe
Token: SeDebugPrivilege	3868	taskkill.exe
Token: SeDebugPrivilege	524	taskkill.exe
Token: SeDebugPrivilege	4800	taskkill.exe
Token: SeDebugPrivilege	1804	taskkill.exe
Token: SeDebugPrivilege	4512	taskkill.exe
Token: SeDebugPrivilege	240	taskkill.exe
Token: SeDebugPrivilege	332	taskkill.exe
Token: SeDebugPrivilege	1540	taskkill.exe
Token: SeDebugPrivilege	4692	taskkill.exe
Token: SeDebugPrivilege	1088	taskkill.exe
Token: SeDebugPrivilege	2044	taskkill.exe
Token: SeDebugPrivilege	1236	taskkill.exe
Token: SeDebugPrivilege	4648	taskkill.exe
Token: SeDebugPrivilege	3008	taskkill.exe
Token: SeDebugPrivilege	904	taskkill.exe
Token: SeDebugPrivilege	456	taskkill.exe
Token: SeDebugPrivilege	376	taskkill.exe
Token: SeDebugPrivilege	4052	taskkill.exe
Token: SeDebugPrivilege	1644	taskkill.exe
Token: SeDebugPrivilege	780	taskkill.exe
Token: SeDebugPrivilege	1972	taskkill.exe
Token: SeDebugPrivilege	2928	taskkill.exe
Token: SeDebugPrivilege	2012	taskkill.exe
Token: SeDebugPrivilege	1240	taskkill.exe
Token: SeDebugPrivilege	3800	taskkill.exe
Token: SeDebugPrivilege	1428	taskkill.exe
Token: SeDebugPrivilege	4440	taskkill.exe
Token: SeDebugPrivilege	1388	taskkill.exe
Token: SeDebugPrivilege	2624	taskkill.exe
Token: SeDebugPrivilege	5076	taskkill.exe
Token: SeDebugPrivilege	3224	taskkill.exe
Token: SeDebugPrivilege	904	taskkill.exe
Token: SeDebugPrivilege	924	taskkill.exe
Token: SeDebugPrivilege	3132	taskkill.exe
Token: SeDebugPrivilege	2764	taskkill.exe
Token: SeDebugPrivilege	1644	taskkill.exe
Token: SeDebugPrivilege	780	taskkill.exe
Token: SeDebugPrivilege	4812	taskkill.exe
Token: SeDebugPrivilege	2928	taskkill.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

loader.execmd.exeGamePanel.exe

description	pid	process	target process
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4144	4612	loader.exe	GamePanel.exe
PID 4612 wrote to memory of 4300	4612	loader.exe	cmd.exe
PID 4612 wrote to memory of 4300	4612	loader.exe	cmd.exe
PID 4300 wrote to memory of 4504	4300	cmd.exe	PING.EXE
PID 4300 wrote to memory of 4504	4300	cmd.exe	PING.EXE
PID 4300 wrote to memory of 4220	4300	cmd.exe	fsutil.exe
PID 4300 wrote to memory of 4220	4300	cmd.exe	fsutil.exe
PID 4144 wrote to memory of 2516	4144	GamePanel.exe	SystemSettingsAdminFlows.exe
PID 4144 wrote to memory of 2516	4144	GamePanel.exe	SystemSettingsAdminFlows.exe
PID 4144 wrote to memory of 456	4144	GamePanel.exe	sc.exe
PID 4144 wrote to memory of 456	4144	GamePanel.exe	sc.exe
PID 4144 wrote to memory of 3132	4144	GamePanel.exe	sc.exe
PID 4144 wrote to memory of 3132	4144	GamePanel.exe	sc.exe
PID 4144 wrote to memory of 1384	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1384	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 5048	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 5048	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2068	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2068	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2368	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2368	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1680	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1680	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1576	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1576	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 3284	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 3284	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4440	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4440	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4364	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4364	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1552	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1552	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 240	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 240	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 3216	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 3216	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 3016	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 3016	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2972	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2972	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4612	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4612	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 560	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 560	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4536	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 4536	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2912	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2912	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1252	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 1252	4144	GamePanel.exe	taskkill.exe
PID 4144 wrote to memory of 2844	4144	GamePanel.exe	taskkill.exe

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\SYSTEM32\GamePanel.exe
  GamePanel.exe
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Windows\SYSTEM32\SystemSettingsAdminFlows.exe
    SystemSettingsAdminFlows.exe SetInternetTime 1
    3⤵
    - System Time Discovery
    PID:2516
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:456
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5048
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1576
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:560
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2912
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2844
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1740
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3868
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4512
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    - Launches sc.exe
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1244
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3816
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3420
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:652
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2076
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:536
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3908
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4940
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1540
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4692
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:376
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1428
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1388
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2624
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3224
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    - Launches sc.exe
    PID:4768
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4608
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2932
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1088
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3768
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2560
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4580
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1252
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:5016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:924
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1312
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3448
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:5104
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:5116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4632
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4064
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2860
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:64
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:820
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3256
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:324
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3400
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1412
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3448
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1428
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3816
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4472
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:5016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3172
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:2068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2688
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1576
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3432
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3012
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:536
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:5076
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3936
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3276
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:5108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4416
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1608
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4064
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1152
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5048
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3416
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2296
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2836
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2376
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2064
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1192
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5108
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1200
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4032
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2912
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1948
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2844
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2588
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1532
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:2068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1916
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:892
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4288
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3276
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1476
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4504
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3228
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4268
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4404
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2404
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3524
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1740
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    - Launches sc.exe
    PID:1216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1616
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:3720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4024
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:5068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1040
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1420
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3192
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4736
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3908
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2488
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4732
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1948
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3596
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3232
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3560
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2200
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    - Launches sc.exe
    PID:4784
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1136
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:780
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:4780
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1736
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3624
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:976
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4788
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1520
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:3876
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3992
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4692
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3656
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3596
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1372
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4668
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1924
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1112
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2496
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:852
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:5068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4288
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:860
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2584
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4032
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4300
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4268
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4776
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1948
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4500
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2512
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:5032
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4792
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1312
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4020
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3028
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    - Launches sc.exe
    PID:3952
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3680
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1040
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:636
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:2408
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2956
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:2112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:2176
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4824
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1548
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1916
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:652
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3952
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2208
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2088
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3016
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3116
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1128
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4480
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1608
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1152
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:5032
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1980
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2208
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2220
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1520
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:8
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:3856
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5040
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4808
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2956
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:416
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2796
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2308
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3916
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1080
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4568
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4740
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1376
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4732
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4168
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2452
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1496
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2240
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    - Launches sc.exe
    PID:2248
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3024
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2304
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2080
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4792
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2568
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    - Launches sc.exe
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:5104
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1412
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1372
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:8
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4500
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3560
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:1660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3604
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3244
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4488
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2396
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1484
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2496
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2292
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:1112
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1916
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4992
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1632
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:3808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2196
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2308
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1548
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:568
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4152
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:1444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2928
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    - Launches sc.exe
    PID:1244
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:3680
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3108
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5104
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1468
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1160
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3184
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4580
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:4332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:5044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2304
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:5064
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3496
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3000
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2688
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:848
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1080
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3160
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1912
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:228
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4616
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2508
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4336
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:5040
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:444
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2936
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:2524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:5044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4572
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4792
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3480
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:2876
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4872
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3224
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3420
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:4768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1876
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    - Launches sc.exe
    PID:4772
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3100
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1232
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:64
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4332
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1184
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3380
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:3416
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1060
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1432
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:2580
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1428
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:1632
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:624
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:5072
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1072
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3604
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3296
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:932
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:424
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:3800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4432
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:636
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:3720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4736
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3392
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2376
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1876
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2588
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4500
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:2612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2424
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1624
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4660
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4920
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1924
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3624
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3124
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2444
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4432
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1980
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:3192
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2064
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:980
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:2972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1828
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:1840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1424
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:472
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1680
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1952
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    - Launches sc.exe
    PID:2444
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1204
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2556
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4008
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3016
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4692
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2956
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4300
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:5112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1564
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2816
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4512
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:2468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2544
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2292
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:4432
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4900
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4140
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4524
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3388
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:1404
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1476
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:5108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4688
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4580
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:2452
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2796
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:1348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3228
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:4568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:648
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1204
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2028
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3396
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3144
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:992
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4504
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1608
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4884
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3868
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3104
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:5088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1576
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:3888
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    - Launches sc.exe
    PID:4872
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1996
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1080
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4116
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:652
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1928
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4896
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1540
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1224
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4100
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:392
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4488
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:1464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1868
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1968
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1648
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3068
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:5008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3992
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    - Launches sc.exe
    PID:1928
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4336
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4220
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2936
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:1184
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:5088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:192
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:852
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:636
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:320
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3528
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2360
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3184
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2972
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4896
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:2912
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4796
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4448
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1564
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1424
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1932
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4676
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:5048
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3872
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1552
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2416
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3396
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3528
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2696
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2584
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4504
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1540
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2452
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:388
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:3240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:824
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3480
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:924
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3936
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1800
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:524
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3144
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    - Launches sc.exe
    PID:3012
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2580
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3420
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:1776
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1228
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2936
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4732
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:64
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4420
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4344
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3496
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3380
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2396
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3596
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:1412
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3876
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1040
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:228
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:860
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1304
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2300
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:456
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4208
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3172
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:5072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3244
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4292
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:5016
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1648
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2408
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3392
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3184
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4372
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:3840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4796
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2932
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2200
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\loader.exe" & fsutil usn deletejournal /D C:
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:4504
- - C:\Windows\system32\fsutil.exe
    fsutil usn deletejournal /D C:
    3⤵
    - Deletes NTFS Change Journal
    PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Remote System Discovery

T1018

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Destruction

T1485

Inhibit System Recovery

T1490

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4144-7-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-8-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-11-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-14-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-19-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-20-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4612-0-0x00000001439F7000-0x000000014404E000-memory.dmp

Filesize
6.3MB

Download
memory/4612-1-0x00007FFF33470000-0x00007FFF33472000-memory.dmp

Filesize
8KB

Download
memory/4612-2-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4612-9-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4612-10-0x00000001439F7000-0x000000014404E000-memory.dmp

Filesize
6.3MB

Download