b6de429a7d506a032902b964a5ea0867da48e1bc6118cf03edbfe8289bcd2264

Analysis

max time kernel
1800s
max time network
1433s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-11-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

24.9MB
MD5

12d091ac76b2145e152b2ed739a4bc86
SHA1

9ce20bb24a00339053e8de0228d5f3e962cb5646
SHA256

b6de429a7d506a032902b964a5ea0867da48e1bc6118cf03edbfe8289bcd2264
SHA512

97ac6933f8f8c74fa9d69a43f0b240c74ce17e46cef44e00f5f63cf2b3e5f61d3ba5d21785e1d4f96a3fa338bcc1e49232f0ec40b522c0a98a3a0bfaaff85d59
SSDEEP

393216:GSzcSuVdw5fOaRnxHMEHqfvUHQlz8Cui841rQwG0QLvCGHPCcVH2AZTFKnjJ:GbPdDaRnxHMEHqUHR7E1kw5iaCtD+

Score

10^/10

discovery evasion execution ransomware

Malware Config

Signatures

Deletes NTFS Change Journal 2 TTPs 1 IoCs

The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.

ransomware

Inhibit System Recovery

T1490

Data Destruction

T1485

pid	Process
4220	fsutil.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
4612	loader.exe
4612	loader.exe
4144	GamePanel.exe
4144	GamePanel.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4612 set thread context of 4144	4612	loader.exe	87

Launches sc.exe 64 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4872	sc.exe
236	Process not Found
3144	Process not Found
4100	Process not Found
272	Process not Found
1664	Process not Found
2212	sc.exe
1396	Process not Found
2744	Process not Found
4524	Process not Found
3732	Process not Found
4128	Process not Found
1380	Process not Found
4008	Process not Found
2444	sc.exe
3012	sc.exe
4328	Process not Found
3604	Process not Found
4768	sc.exe
4772	sc.exe
3844	Process not Found
4368	Process not Found
1964	Process not Found
2360	Process not Found
2652	Process not Found
1660	Process not Found
1940	Process not Found
1012	Process not Found
4580	Process not Found
2088	Process not Found
388	Process not Found
3812	Process not Found
1392	Process not Found
3184	Process not Found
1608	Process not Found
3644	Process not Found
3884	Process not Found
2168	Process not Found
2664	Process not Found
2548	Process not Found
1012	Process not Found
4580	Process not Found
2128	Process not Found
4376	Process not Found
1076	Process not Found
4360	Process not Found
1216	sc.exe
780	sc.exe
1928	sc.exe
2972	Process not Found
2996	Process not Found
4784	sc.exe
3952	Process not Found
4364	Process not Found
980	Process not Found
2656	Process not Found
4884	Process not Found
3216	Process not Found
1948	Process not Found
4128	Process not Found
4152	Process not Found
3952	sc.exe
2248	sc.exe
1244	sc.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4300	cmd.exe
4504	PING.EXE

System Time Discovery 1 TTPs 1 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
2516	SystemSettingsAdminFlows.exe

Kills process with taskkill 64 IoCs

evasion

pid	Process
5076	taskkill.exe
4116	Process not Found
1184	Process not Found
3656	taskkill.exe
2068	Process not Found
824	taskkill.exe
1668	Process not Found
3488	Process not Found
3712	Process not Found
760	taskkill.exe
1304	Process not Found
4728	Process not Found
4100	Process not Found
1348	Process not Found
4372	Process not Found
696	Process not Found
4664	taskkill.exe
5060	Process not Found
1088	Process not Found
1216	Process not Found
3400	Process not Found
1248	Process not Found
3252	taskkill.exe
3996	taskkill.exe
3028	Process not Found
2248	Process not Found
2428	Process not Found
64	Process not Found
64	Process not Found
1728	Process not Found
4600	Process not Found
1384	taskkill.exe
4728	taskkill.exe
3284	taskkill.exe
4112	Process not Found
5056	Process not Found
4168	Process not Found
4600	taskkill.exe
3936	Process not Found
1160	Process not Found
1016	Process not Found
2800	Process not Found
3800	Process not Found
1228	Process not Found
2240	Process not Found
1728	Process not Found
4824	Process not Found
2044	Process not Found
3724	Process not Found
4612	Process not Found
1464	taskkill.exe
3272	Process not Found
1216	Process not Found
1644	taskkill.exe
3720	taskkill.exe
4648	taskkill.exe
1800	Process not Found
1228	Process not Found
3056	Process not Found
980	Process not Found
4168	Process not Found
1536	Process not Found
536	Process not Found
2700	Process not Found

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4504	PING.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4612	loader.exe
4612	loader.exe
4144	GamePanel.exe
4144	GamePanel.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4144	GamePanel.exe
Token: SeTakeOwnershipPrivilege	4144	GamePanel.exe
Token: SeLoadDriverPrivilege	4144	GamePanel.exe
Token: SeShutdownPrivilege	4144	GamePanel.exe
Token: SeDebugPrivilege	1384	taskkill.exe
Token: SeDebugPrivilege	5048	taskkill.exe
Token: SeDebugPrivilege	2068	taskkill.exe
Token: SeDebugPrivilege	2368	taskkill.exe
Token: SeDebugPrivilege	1680	taskkill.exe
Token: SeDebugPrivilege	1576	taskkill.exe
Token: SeDebugPrivilege	3284	taskkill.exe
Token: SeDebugPrivilege	4440	taskkill.exe
Token: SeDebugPrivilege	4364	taskkill.exe
Token: SeDebugPrivilege	1552	taskkill.exe
Token: SeDebugPrivilege	240	taskkill.exe
Token: SeDebugPrivilege	3216	taskkill.exe
Token: SeDebugPrivilege	3016	taskkill.exe
Token: SeDebugPrivilege	2972	taskkill.exe
Token: SeDebugPrivilege	4612	taskkill.exe
Token: SeDebugPrivilege	560	taskkill.exe
Token: SeDebugPrivilege	4536	taskkill.exe
Token: SeDebugPrivilege	2912	taskkill.exe
Token: SeDebugPrivilege	1252	taskkill.exe
Token: SeDebugPrivilege	2844	taskkill.exe
Token: SeDebugPrivilege	1740	taskkill.exe
Token: SeDebugPrivilege	3868	taskkill.exe
Token: SeDebugPrivilege	524	taskkill.exe
Token: SeDebugPrivilege	4800	taskkill.exe
Token: SeDebugPrivilege	1804	taskkill.exe
Token: SeDebugPrivilege	4512	taskkill.exe
Token: SeDebugPrivilege	240	taskkill.exe
Token: SeDebugPrivilege	332	taskkill.exe
Token: SeDebugPrivilege	1540	taskkill.exe
Token: SeDebugPrivilege	4692	taskkill.exe
Token: SeDebugPrivilege	1088	taskkill.exe
Token: SeDebugPrivilege	2044	taskkill.exe
Token: SeDebugPrivilege	1236	taskkill.exe
Token: SeDebugPrivilege	4648	taskkill.exe
Token: SeDebugPrivilege	3008	taskkill.exe
Token: SeDebugPrivilege	904	taskkill.exe
Token: SeDebugPrivilege	456	taskkill.exe
Token: SeDebugPrivilege	376	taskkill.exe
Token: SeDebugPrivilege	4052	taskkill.exe
Token: SeDebugPrivilege	1644	taskkill.exe
Token: SeDebugPrivilege	780	taskkill.exe
Token: SeDebugPrivilege	1972	taskkill.exe
Token: SeDebugPrivilege	2928	taskkill.exe
Token: SeDebugPrivilege	2012	taskkill.exe
Token: SeDebugPrivilege	1240	taskkill.exe
Token: SeDebugPrivilege	3800	taskkill.exe
Token: SeDebugPrivilege	1428	taskkill.exe
Token: SeDebugPrivilege	4440	taskkill.exe
Token: SeDebugPrivilege	1388	taskkill.exe
Token: SeDebugPrivilege	2624	taskkill.exe
Token: SeDebugPrivilege	5076	taskkill.exe
Token: SeDebugPrivilege	3224	taskkill.exe
Token: SeDebugPrivilege	904	taskkill.exe
Token: SeDebugPrivilege	924	taskkill.exe
Token: SeDebugPrivilege	3132	taskkill.exe
Token: SeDebugPrivilege	2764	taskkill.exe
Token: SeDebugPrivilege	1644	taskkill.exe
Token: SeDebugPrivilege	780	taskkill.exe
Token: SeDebugPrivilege	4812	taskkill.exe
Token: SeDebugPrivilege	2928	taskkill.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4144	4612	loader.exe	87
PID 4612 wrote to memory of 4300	4612	loader.exe	88
PID 4612 wrote to memory of 4300	4612	loader.exe	88
PID 4300 wrote to memory of 4504	4300	cmd.exe	91
PID 4300 wrote to memory of 4504	4300	cmd.exe	91
PID 4300 wrote to memory of 4220	4300	cmd.exe	92
PID 4300 wrote to memory of 4220	4300	cmd.exe	92
PID 4144 wrote to memory of 2516	4144	GamePanel.exe	95
PID 4144 wrote to memory of 2516	4144	GamePanel.exe	95
PID 4144 wrote to memory of 456	4144	GamePanel.exe	96
PID 4144 wrote to memory of 456	4144	GamePanel.exe	96
PID 4144 wrote to memory of 3132	4144	GamePanel.exe	98
PID 4144 wrote to memory of 3132	4144	GamePanel.exe	98
PID 4144 wrote to memory of 1384	4144	GamePanel.exe	100
PID 4144 wrote to memory of 1384	4144	GamePanel.exe	100
PID 4144 wrote to memory of 5048	4144	GamePanel.exe	103
PID 4144 wrote to memory of 5048	4144	GamePanel.exe	103
PID 4144 wrote to memory of 2068	4144	GamePanel.exe	105
PID 4144 wrote to memory of 2068	4144	GamePanel.exe	105
PID 4144 wrote to memory of 2368	4144	GamePanel.exe	107
PID 4144 wrote to memory of 2368	4144	GamePanel.exe	107
PID 4144 wrote to memory of 1680	4144	GamePanel.exe	109
PID 4144 wrote to memory of 1680	4144	GamePanel.exe	109
PID 4144 wrote to memory of 1576	4144	GamePanel.exe	111
PID 4144 wrote to memory of 1576	4144	GamePanel.exe	111
PID 4144 wrote to memory of 3284	4144	GamePanel.exe	113
PID 4144 wrote to memory of 3284	4144	GamePanel.exe	113
PID 4144 wrote to memory of 4440	4144	GamePanel.exe	115
PID 4144 wrote to memory of 4440	4144	GamePanel.exe	115
PID 4144 wrote to memory of 4364	4144	GamePanel.exe	117
PID 4144 wrote to memory of 4364	4144	GamePanel.exe	117
PID 4144 wrote to memory of 1552	4144	GamePanel.exe	119
PID 4144 wrote to memory of 1552	4144	GamePanel.exe	119
PID 4144 wrote to memory of 240	4144	GamePanel.exe	121
PID 4144 wrote to memory of 240	4144	GamePanel.exe	121
PID 4144 wrote to memory of 3216	4144	GamePanel.exe	123
PID 4144 wrote to memory of 3216	4144	GamePanel.exe	123
PID 4144 wrote to memory of 3016	4144	GamePanel.exe	125
PID 4144 wrote to memory of 3016	4144	GamePanel.exe	125
PID 4144 wrote to memory of 2972	4144	GamePanel.exe	127
PID 4144 wrote to memory of 2972	4144	GamePanel.exe	127
PID 4144 wrote to memory of 4612	4144	GamePanel.exe	129
PID 4144 wrote to memory of 4612	4144	GamePanel.exe	129
PID 4144 wrote to memory of 560	4144	GamePanel.exe	131
PID 4144 wrote to memory of 560	4144	GamePanel.exe	131
PID 4144 wrote to memory of 4536	4144	GamePanel.exe	133
PID 4144 wrote to memory of 4536	4144	GamePanel.exe	133
PID 4144 wrote to memory of 2912	4144	GamePanel.exe	135
PID 4144 wrote to memory of 2912	4144	GamePanel.exe	135
PID 4144 wrote to memory of 1252	4144	GamePanel.exe	137
PID 4144 wrote to memory of 1252	4144	GamePanel.exe	137
PID 4144 wrote to memory of 2844	4144	GamePanel.exe	139

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\SYSTEM32\GamePanel.exe
  GamePanel.exe
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Windows\SYSTEM32\SystemSettingsAdminFlows.exe
    SystemSettingsAdminFlows.exe SetInternetTime 1
    3⤵
    - System Time Discovery
    PID:2516
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:456
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5048
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1576
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:560
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2912
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2844
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1740
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3868
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4512
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    - Launches sc.exe
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1244
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3816
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3420
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:652
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2076
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:536
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3908
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4940
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1540
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4692
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:376
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1428
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1388
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2624
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3224
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    - Launches sc.exe
    PID:4768
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4608
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2932
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1088
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3768
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2560
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4580
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1252
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:5016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:924
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1312
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3448
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:5104
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:5116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4632
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4064
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2860
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:64
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:820
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3256
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:324
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3400
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1412
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3448
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1428
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3816
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4472
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:5016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3172
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:2068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2688
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1576
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3432
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3012
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:536
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:5076
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3936
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3276
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:5108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4416
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1608
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4064
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1152
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5048
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3416
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2296
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2836
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2376
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2064
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1192
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5108
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1200
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4032
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2912
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1948
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2844
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2588
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1532
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:2068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1916
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:892
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4288
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3276
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1476
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4504
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3228
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4268
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4404
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2404
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3524
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1740
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    - Launches sc.exe
    PID:1216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1616
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:3720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4024
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:5068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1040
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1420
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3192
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4736
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3908
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2488
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4732
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1948
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3596
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3232
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3560
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2200
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    - Launches sc.exe
    PID:4784
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1136
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:780
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:4780
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1736
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3624
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:976
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4788
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1520
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:3876
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3992
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4692
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3656
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3596
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1372
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4668
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1924
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1112
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2496
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2368
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:852
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:5068
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4288
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:860
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2584
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4032
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4300
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4268
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4776
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1948
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4500
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2512
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:5032
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4792
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1312
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4020
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3028
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    - Launches sc.exe
    PID:3952
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3680
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1040
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:636
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:2408
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2956
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:2112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:2176
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4824
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1548
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1916
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:652
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3952
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2208
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2088
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3016
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3116
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1128
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4480
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1608
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1152
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:5032
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1980
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2208
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2220
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1520
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:8
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:3856
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5040
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4808
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2956
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:416
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2796
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2308
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3916
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1080
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4568
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4740
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1376
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4732
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3252
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4168
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2452
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1496
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2240
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    - Launches sc.exe
    PID:2248
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3024
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2304
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2080
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4792
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2568
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    - Launches sc.exe
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:5104
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1412
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1372
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:8
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4500
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3560
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:1660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3604
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3244
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4488
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2396
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1484
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2496
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2292
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:1112
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1916
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4992
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3812
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1632
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:3808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2196
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:2308
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1548
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:568
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4152
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:1444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2928
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    - Launches sc.exe
    PID:1244
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:3680
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:3108
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5104
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1468
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1160
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3184
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4580
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:4332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:5044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2304
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:5064
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3496
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3000
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2688
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:848
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1080
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3160
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1912
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:228
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4616
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2508
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4336
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:5040
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:444
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2936
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:2524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:5044
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4572
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4792
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3480
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:2944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:2876
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4872
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3224
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:3420
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:4768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1876
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    - Launches sc.exe
    PID:4772
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3100
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1232
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:64
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4332
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1184
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3380
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:3416
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1060
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1432
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:5008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:2580
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1428
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:1632
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:624
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:5072
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1072
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3604
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3296
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:932
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:3136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:424
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:3800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4432
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:636
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:3720
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4736
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3392
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2376
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:2020
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1876
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2588
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4500
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:2612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2492
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2424
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1624
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4660
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4920
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1924
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3624
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3124
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2444
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4432
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1980
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:1468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:3192
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2064
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3160
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:980
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:2972
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4444
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1828
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:1840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1424
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:4600
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:472
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:2212
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1680
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1952
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    - Launches sc.exe
    PID:2444
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:4720
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1204
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2556
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:4008
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3016
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4692
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1140
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:928
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2956
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4300
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:5112
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1564
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1612
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2816
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4512
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4272
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:2468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2544
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:2292
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:4432
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4900
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4140
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4524
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3388
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:1096
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:1404
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1476
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:5108
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4688
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:2888
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4580
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3132
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:2452
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:3524
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4368
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2796
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:1348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3228
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:236
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:1764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1724
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4456
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:4568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:648
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:1204
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:4364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2028
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3396
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3144
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:992
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4768
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4536
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4504
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3096
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1608
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4884
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3868
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3104
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4408
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:5088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3256
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1576
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:3888
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    - Launches sc.exe
    PID:4872
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1996
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1080
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4116
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:652
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:1928
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2820
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4896
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1540
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:3808
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1224
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4200
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:1008
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4100
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:392
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4488
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:2664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:1464
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:1868
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:1968
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3004
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:4320
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2364
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:1648
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3068
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:5008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3992
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    - Launches sc.exe
    PID:1928
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4336
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4220
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:2936
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:116
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:3128
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:2120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:2764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:1184
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4680
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1764
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:5088
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:4700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:192
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:852
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:636
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:320
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3828
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3528
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2360
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3184
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:2972
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2204
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4896
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:2912
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4796
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:712
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4448
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1564
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1424
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:1668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1932
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:2404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:5004
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:3728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4676
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:5048
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:4920
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:3136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3804
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:232
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3872
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:3696
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:3284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:568
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1552
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2704
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2416
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:3396
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:3528
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1748
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2696
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:2584
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:944
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:1440
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4504
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1540
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2452
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1384
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:388
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:4052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:4468
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:4012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:3240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4660
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:4904
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    - Kills process with taskkill
    PID:824
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3480
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:924
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4780
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:1400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1952
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:648
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3364
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3936
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:1800
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:524
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:3144
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    - Launches sc.exe
    PID:3012
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2580
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3420
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:1776
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:1228
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2936
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4216
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4732
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:988
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:64
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1248
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:1700
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:4420
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:404
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:5028
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:1136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:4056
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4344
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:1556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:3496
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:3380
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2396
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:3996
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:3596
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1640
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:2552
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:1412
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:3876
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:1040
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:228
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:860
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:1304
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:2300
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:456
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:4528
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:772
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4484
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:3840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4208
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:3172
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4168
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:332
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUx.exe" /F /T
    3⤵
    PID:1016
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RiotClientUxRender.exe" /F /T
    3⤵
    PID:5072
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EpicGamesLauncher.exe" /F /T
    3⤵
    PID:1728
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteLauncher.exe" /F /T
    3⤵
    PID:3244
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping.exe" /F /T
    3⤵
    PID:3644
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_BE.exe" /F /T
    3⤵
    PID:1136
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC.exe" /F /T
    3⤵
    PID:4748
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "FortniteClient-Win64-Shipping_EAC_EOS.exe" /F /T
    3⤵
    PID:3864
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "EscapeFromTarkov.exe" /F /T
    3⤵
    PID:4292
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RainbowSix.exe" /F /T
    3⤵
    PID:1188
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RustClient.exe" /F /T
    3⤵
    PID:2800
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:4240
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "RogueCompany.exe" /F /T
    3⤵
    PID:2012
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "BlackOpsColdWar.exe" /F /T
    3⤵
    PID:1400
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "ModernWarfare.exe" /F /T
    3⤵
    PID:4664
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "cod.exe" /F /T
    3⤵
    PID:760
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "r5apex.exe" /F /T
    3⤵
    PID:4668
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "DayZ_x64.exe" /F /T
    3⤵
    PID:3284
- - C:\Windows\SYSTEM32\sc.exe
    sc stop vkg
    3⤵
    PID:4516
- - C:\Windows\SYSTEM32\sc.exe
    sc stop FaceIT
    3⤵
    PID:5016
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEService
    3⤵
    PID:2008
- - C:\Windows\SYSTEM32\sc.exe
    sc stop BEDaisy
    3⤵
    PID:1648
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    PID:2960
- - C:\Windows\SYSTEM32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    PID:2408
- - C:\Windows\SYSTEM32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:3392
- - C:\Windows\SYSTEM32\sc.exe
    sc stop atvi-brynhildr
    3⤵
    PID:3184
- - C:\Windows\SYSTEM32\sc.exe
    sc start ProfSvc
    3⤵
    PID:3180
- - C:\Windows\SYSTEM32\sc.exe
    sc config ProfSvc start=auto
    3⤵
    PID:3120
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:5076
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
    3⤵
    PID:4324
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
    3⤵
    PID:4372
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:3840
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4796
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:348
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2932
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /IM "VALORANT-Win64-Shipping.exe" /F /T
    3⤵
    PID:2200
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\loader.exe" & fsutil usn deletejournal /D C:
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Windows\system32\PING.EXE
    ping 1.1.1.1 -n 1 -w 3000
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:4504
- - C:\Windows\system32\fsutil.exe
    fsutil usn deletejournal /D C:
    3⤵
    - Deletes NTFS Change Journal
    PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Remote System Discovery

T1018

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Destruction

T1485

Inhibit System Recovery

T1490

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4144-7-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-8-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-11-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-14-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-19-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4144-20-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4612-0-0x00000001439F7000-0x000000014404E000-memory.dmp

Filesize
6.3MB

Download
memory/4612-1-0x00007FFF33470000-0x00007FFF33472000-memory.dmp

Filesize
8KB

Download
memory/4612-2-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4612-9-0x0000000140000000-0x0000000145933000-memory.dmp

Filesize
89.2MB

Download
memory/4612-10-0x00000001439F7000-0x000000014404E000-memory.dmp

Filesize
6.3MB

Download