← Back to SOC feed Coverage →

Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1

sigma HIGH SigmaHQ
imProcessCreate
evasion
This rule was pulled from an open-source repository and enriched with AI. Validate in a test environment before deploying to production.
View original rule at SigmaHQ →
Retrieved: 2026-05-21T11:00:00Z · Confidence: medium

Hunt Hypothesis

Detects the usage of emojis in the command line, this could be a sign of potential defense evasion activity.

Detection Rule

Sigma (Original)

title: Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1
id: 4a30ac0c-b9d6-4e01-b71a-5f851bbf4259
status: test
description: Detects the usage of emojis in the command line, this could be a sign of potential defense evasion activity.
author: '@Kostastsale, TheDFIRReport'
references:
    - Internal Research
tags:
    - attack.stealth
date: 2022-12-05
logsource:
    product: windows
    category: process_creation
detection:
    selection:
        CommandLine|contains:
            - '๐Ÿ˜€'
            - '๐Ÿ˜ƒ'
            - '๐Ÿ˜„'
            - '๐Ÿ˜'
            - '๐Ÿ˜†'
            - '๐Ÿ˜…'
            - '๐Ÿ˜‚'
            - '๐Ÿคฃ'
            - '๐Ÿฅฒ'
            - '๐Ÿฅน'
            - 'โ˜บ๏ธ'
            - '๐Ÿ˜Š'
            - '๐Ÿ˜‡'
            - '๐Ÿ™‚'
            - '๐Ÿ™ƒ'
            - '๐Ÿ˜‰'
            - '๐Ÿ˜Œ'
            - '๐Ÿ˜'
            - '๐Ÿฅฐ'
            - '๐Ÿ˜˜'
            - '๐Ÿ˜—'
            - '๐Ÿ˜™'
            - '๐Ÿ˜š'
            - '๐Ÿ˜‹'
            - '๐Ÿ˜›'
            - '๐Ÿ˜'
            - '๐Ÿ˜œ'
            - '๐Ÿคช'
            - '๐Ÿคจ'
            - '๐Ÿง'
            - '๐Ÿค“'
            - '๐Ÿ˜Ž'
            - '๐Ÿฅธ'
            - '๐Ÿคฉ'
            - '๐Ÿฅณ'
            - '๐Ÿ˜'
            - '๐Ÿ˜’'
            - '๐Ÿ˜ž'
            - '๐Ÿ˜”'
            - '๐Ÿ˜Ÿ'
            - '๐Ÿ˜•'
            - '๐Ÿ™'
            - 'โ˜น๏ธ'
            - '๐Ÿ˜ฃ'
            - '๐Ÿ˜–'
            - '๐Ÿ˜ซ'
            - '๐Ÿ˜ฉ'
            - '๐Ÿฅบ'
            - '๐Ÿ˜ข'
            - '๐Ÿ˜ญ'
            - '๐Ÿ˜ฎโ€๐Ÿ’จ'
            - '๐Ÿ˜ค'
            - '๐Ÿ˜ '
            - '๐Ÿ˜ก'
            - '๐Ÿคฌ'
            - '๐Ÿคฏ'
            - '๐Ÿ˜ณ'
            - '๐Ÿฅต'
            - '๐Ÿฅถ'
            - '๐Ÿ˜ฑ'
            - '๐Ÿ˜จ'
            - '๐Ÿ˜ฐ'
            - '๐Ÿ˜ฅ'
            - '๐Ÿ˜“'
            - '๐Ÿซฃ'
            - '๐Ÿค—'
            - '๐Ÿซก'
            - '๐Ÿค”'
            - '๐Ÿซข'
            - '๐Ÿคญ'
            - '๐Ÿคซ'
            - '๐Ÿคฅ'
            - '๐Ÿ˜ถ'
            - '๐Ÿ˜ถโ€๐ŸŒซ๏ธ'
            - '๐Ÿ˜'
            - '๐Ÿ˜‘'
            - '๐Ÿ˜ฌ'
            - '๐Ÿซ '
            - '๐Ÿ™„'
            - '๐Ÿ˜ฏ'
            - '๐Ÿ˜ฆ'
            - '๐Ÿ˜ง'
            - '๐Ÿ˜ฎ'
            - '๐Ÿ˜ฒ'
            - '๐Ÿฅฑ'
            - '๐Ÿ˜ด'
            - '๐Ÿคค'
            - '๐Ÿ˜ช'
            - '๐Ÿ˜ต'
            - '๐Ÿ˜ตโ€๐Ÿ’ซ'
            - '๐Ÿซฅ'
            - '๐Ÿค'
            - '๐Ÿฅด'
            - '๐Ÿคข'
            - '๐Ÿคฎ'
            - '๐Ÿคง'
            - '๐Ÿ˜ท'
            - '๐Ÿค’'
            - '๐Ÿค•'
            - '๐Ÿค‘'
            - '๐Ÿค '
            - '๐Ÿ˜ˆ'
            - '๐Ÿ‘ฟ'
            - '๐Ÿ‘น'
            - '๐Ÿ‘บ'
            - '๐Ÿคก'
            - '๐Ÿ’ฉ'
            - '๐Ÿ‘ป'
            - '๐Ÿ’€'
            - 'โ˜ ๏ธ'
            - '๐Ÿ‘ฝ'
            - '๐Ÿ‘พ'
            - '๐Ÿค–'
            - '๐ŸŽƒ'
            - '๐Ÿ˜บ'
            - '๐Ÿ˜ธ'
            - '๐Ÿ˜น'
            - '๐Ÿ˜ป'
            - '๐Ÿ˜ผ'
            - '๐Ÿ˜ฝ'
            - '๐Ÿ™€'
            - '๐Ÿ˜ฟ'
            - '๐Ÿ˜พ'
            - '๐Ÿ‘‹'
            - '๐Ÿคš'
            - '๐Ÿ–'
            - 'โœ‹'
            - '๐Ÿ––'
            - '๐Ÿ‘Œ'
            - '๐ŸคŒ'
            - '๐Ÿค'
            - 'โœŒ๏ธ'
            - '๐Ÿคž'
            - '๐Ÿซฐ'
            - '๐ŸคŸ'
            - '๐Ÿค˜'
            - '๐Ÿค™'
            - '๐Ÿซต'
            - '๐Ÿซฑ'
            - '๐Ÿซฒ'
            - '๐Ÿซณ'
            - '๐Ÿซด'
            - '๐Ÿ‘ˆ'
            - '๐Ÿ‘‰'
            - '๐Ÿ‘†'
            - '๐Ÿ–•'
            - '๐Ÿ‘‡'
            - 'โ˜๏ธ'
            - '๐Ÿ‘'
            - '๐Ÿ‘Ž'
            - 'โœŠ'
            - '๐Ÿ‘Š'
            - '๐Ÿค›'
            - '๐Ÿคœ'
            - '๐Ÿ‘'
            - '๐Ÿซถ'
            - '๐Ÿ™Œ'
            - '๐Ÿ‘'
            - '๐Ÿคฒ'
            - '๐Ÿค'
            - '๐Ÿ™'
            - 'โœ๏ธ'
            - '๐Ÿ’ช'
            - '๐Ÿฆพ'
            - '๐Ÿฆต'
            - '๐Ÿฆฟ'
            - '๐Ÿฆถ'
            - '๐Ÿ‘ฃ'
            - '๐Ÿ‘‚'
            - '๐Ÿฆป'
            - '๐Ÿ‘ƒ'
            - '๐Ÿซ€'
            - '๐Ÿซ'
            - '๐Ÿง '
            - '๐Ÿฆท'
            - '๐Ÿฆด'
            - '๐Ÿ‘€'
            - '๐Ÿ‘'
            - '๐Ÿ‘…'
            - '๐Ÿ‘„'
            - '๐Ÿซฆ'
            - '๐Ÿ’‹'
            - '๐Ÿฉธ'
            - '๐Ÿ‘ถ'
            - '๐Ÿ‘ง'
            - '๐Ÿง’'
            - '๐Ÿ‘ฆ'
            - '๐Ÿ‘ฉ'
            - '๐Ÿง‘'
            - '๐Ÿ‘จ'
            - '๐Ÿ‘ฉโ€๐Ÿฆฑ'
            - '๐Ÿง‘โ€๐Ÿฆฑ'
            - '๐Ÿ‘จโ€๐Ÿฆฑ'
            - '๐Ÿ‘ฉโ€๐Ÿฆฐ'
            - '๐Ÿง‘โ€๐Ÿฆฐ'
            - '๐Ÿ‘จโ€๐Ÿฆฐ'
            - '๐Ÿ‘ฑโ€โ™€๏ธ'
            - '๐Ÿ‘ฑ'
            - '๐Ÿ‘ฑโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉโ€๐Ÿฆณ'
            - '๐Ÿง‘โ€๐Ÿฆณ'
            - '๐Ÿ‘จโ€๐Ÿฆณ'
            - '๐Ÿ‘ฉโ€๐Ÿฆฒ'
            - '๐Ÿง‘โ€๐Ÿฆฒ'
            - '๐Ÿ‘จโ€๐Ÿฆฒ'
            - '๐Ÿง”โ€โ™€๏ธ'
            - '๐Ÿง”'
            - '๐Ÿง”โ€โ™‚๏ธ'
            - '๐Ÿ‘ต'
            - '๐Ÿง“'
            - '๐Ÿ‘ด'
            - '๐Ÿ‘ฒ'
            - '๐Ÿ‘ณโ€โ™€๏ธ'
            - '๐Ÿ‘ณ'
            - '๐Ÿ‘ณโ€โ™‚๏ธ'
            - '๐Ÿง•'
            - '๐Ÿ‘ฎโ€โ™€๏ธ'
            - '๐Ÿ‘ฎ'
            - '๐Ÿ‘ฎโ€โ™‚๏ธ'
            - '๐Ÿ‘ทโ€โ™€๏ธ'
            - '๐Ÿ‘ท'
            - '๐Ÿ‘ทโ€โ™‚๏ธ'
            - '๐Ÿ’‚โ€โ™€๏ธ'
            - '๐Ÿ’‚'
            - '๐Ÿ’‚โ€โ™‚๏ธ'
            - '๐Ÿ•ต๏ธโ€โ™€๏ธ'
            - '๐Ÿ•ต๏ธ'
            - '๐Ÿ•ต๏ธโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉโ€โš•๏ธ'
            - '๐Ÿง‘โ€โš•๏ธ'
            - '๐Ÿ‘จโ€โš•๏ธ'
            - '๐Ÿ‘ฉโ€๐ŸŒพ'
            - '๐Ÿง‘โ€๐ŸŒพ'
            - '๐Ÿ‘จโ€๐ŸŒพ'
            - '๐Ÿ‘ฉโ€๐Ÿณ'
            - '๐Ÿง‘โ€๐Ÿณ'
            - '๐Ÿ‘จโ€๐Ÿณ'
            - '๐Ÿ‘ฉโ€๐ŸŽ“'
            - '๐Ÿง‘โ€๐ŸŽ“'
            - '๐Ÿ‘จโ€๐ŸŽ“'
            - '๐Ÿ‘ฉโ€๐ŸŽค'
            - '๐Ÿง‘โ€๐ŸŽค'
            - '๐Ÿ‘จโ€๐ŸŽค'
            - '๐Ÿ‘ฉโ€๐Ÿซ'
            - '๐Ÿง‘โ€๐Ÿซ'
            - '๐Ÿ‘จโ€๐Ÿซ'
            - '๐Ÿ‘ฉโ€๐Ÿญ'
            - '๐Ÿง‘โ€๐Ÿญ'
            - '๐Ÿ‘จโ€๐Ÿญ'
            - '๐Ÿ‘ฉโ€๐Ÿ’ป'
            - '๐Ÿง‘โ€๐Ÿ’ป'
            - '๐Ÿ‘จโ€๐Ÿ’ป'
            - '๐Ÿ‘ฉโ€๐Ÿ’ผ'
            - '๐Ÿง‘โ€๐Ÿ’ผ'
            - '๐Ÿ‘จโ€๐Ÿ’ผ'
            - '๐Ÿ‘ฉโ€๐Ÿ”ง'
            - '๐Ÿง‘โ€๐Ÿ”ง'
            - '๐Ÿ‘จโ€๐Ÿ”ง'
            - '๐Ÿ‘ฉโ€๐Ÿ”ฌ'
            - '๐Ÿง‘โ€๐Ÿ”ฌ'
            - '๐Ÿ‘จโ€๐Ÿ”ฌ'
            - '๐Ÿ‘ฉโ€๐ŸŽจ'
            - '๐Ÿง‘โ€๐ŸŽจ'
            - '๐Ÿ‘จโ€๐ŸŽจ'
            - '๐Ÿ‘ฉโ€๐Ÿš’'
            - '๐Ÿง‘โ€๐Ÿš’'
            - '๐Ÿ‘จโ€๐Ÿš’'
            - '๐Ÿ‘ฉโ€โœˆ๏ธ'
            - '๐Ÿง‘โ€โœˆ๏ธ'
            - '๐Ÿ‘จโ€โœˆ๏ธ'
            - '๐Ÿ‘ฉโ€๐Ÿš€'
            - '๐Ÿง‘โ€๐Ÿš€'
            - '๐Ÿ‘จโ€๐Ÿš€'
            - '๐Ÿ‘ฉโ€โš–๏ธ'
            - '๐Ÿง‘โ€โš–๏ธ'
            - '๐Ÿ‘จโ€โš–๏ธ'
            - '๐Ÿ‘ฐโ€โ™€๏ธ'
            - '๐Ÿ‘ฐ'
            - '๐Ÿ‘ฐโ€โ™‚๏ธ'
            - '๐Ÿคตโ€โ™€๏ธ'
            - '๐Ÿคต'
            - '๐Ÿคตโ€โ™‚๏ธ'
            - '๐Ÿ‘ธ'
            - '๐Ÿซ…'
            - '๐Ÿคด'
            - '๐Ÿฅท'
            - '๐Ÿฆธโ€โ™€๏ธ'
            - '๐Ÿฆธ'
            - '๐Ÿฆธโ€โ™‚๏ธ'
            - '๐Ÿฆนโ€โ™€๏ธ'
            - '๐Ÿฆน'
            - '๐Ÿฆนโ€โ™‚๏ธ'
            - '๐Ÿคถ'
            - '๐Ÿง‘โ€๐ŸŽ„'
            - '๐ŸŽ…'
            - '๐Ÿง™โ€โ™€๏ธ'
            - '๐Ÿง™'
            - '๐Ÿง™โ€โ™‚๏ธ'
            - '๐Ÿงโ€โ™€๏ธ'
            - '๐Ÿง'
            - '๐Ÿงโ€โ™‚๏ธ'
            - '๐Ÿง›โ€โ™€๏ธ'
            - '๐Ÿง›'
            - '๐Ÿง›โ€โ™‚๏ธ'
            - '๐ŸงŸโ€โ™€๏ธ'
            - '๐ŸงŸ'
            - '๐ŸงŸโ€โ™‚๏ธ'
            - '๐Ÿงžโ€โ™€๏ธ'
            - '๐Ÿงž'
            - '๐Ÿงžโ€โ™‚๏ธ'
            - '๐Ÿงœโ€โ™€๏ธ'
            - '๐Ÿงœ'
            - '๐Ÿงœโ€โ™‚๏ธ'
            - '๐Ÿงšโ€โ™€๏ธ'
            - '๐Ÿงš'
            - '๐Ÿงšโ€โ™‚๏ธ'
            - '๐ŸงŒ'
            - '๐Ÿ‘ผ'
            - '๐Ÿคฐ'
            - '๐Ÿซ„'
            - '๐Ÿซƒ'
            - '๐Ÿคฑ'
            - '๐Ÿ‘ฉโ€๐Ÿผ'
            - '๐Ÿง‘โ€๐Ÿผ'
            - '๐Ÿ‘จโ€๐Ÿผ'
            - '๐Ÿ™‡โ€โ™€๏ธ'
            - '๐Ÿ™‡'
            - '๐Ÿ™‡โ€โ™‚๏ธ'
            - '๐Ÿ’โ€โ™€๏ธ'
            - '๐Ÿ’'
            - '๐Ÿ’โ€โ™‚๏ธ'
            - '๐Ÿ™…โ€โ™€๏ธ'
            - '๐Ÿ™…'
            - '๐Ÿ™…โ€โ™‚๏ธ'
            - '๐Ÿ™†โ€โ™€๏ธ'
            - '๐Ÿ™†'
            - '๐Ÿ™†โ€โ™‚๏ธ'
            - '๐Ÿ™‹โ€โ™€๏ธ'
            - '๐Ÿ™‹'
            - '๐Ÿ™‹โ€โ™‚๏ธ'
            - '๐Ÿงโ€โ™€๏ธ'
            - '๐Ÿง'
            - '๐Ÿงโ€โ™‚๏ธ'
            - '๐Ÿคฆโ€โ™€๏ธ'
            - '๐Ÿคฆ'
            - '๐Ÿคฆโ€โ™‚๏ธ'
            - '๐Ÿคทโ€โ™€๏ธ'
            - '๐Ÿคท'
            - '๐Ÿคทโ€โ™‚๏ธ'
            - '๐Ÿ™Žโ€โ™€๏ธ'
            - '๐Ÿ™Ž'
            - '๐Ÿ™Žโ€โ™‚๏ธ'
            - '๐Ÿ™โ€โ™€๏ธ'
            - '๐Ÿ™'
            - '๐Ÿ™โ€โ™‚๏ธ'
            - '๐Ÿ’‡โ€โ™€๏ธ'
            - '๐Ÿ’‡'
            - '๐Ÿ’‡โ€โ™‚๏ธ'
            - '๐Ÿ’†โ€โ™€๏ธ'
            - '๐Ÿ’†'
            - '๐Ÿ’†โ€โ™‚๏ธ'
            - '๐Ÿง–โ€โ™€๏ธ'
            - '๐Ÿง–'
            - '๐Ÿง–โ€โ™‚๏ธ'
            - '๐Ÿ’…'
            - '๐Ÿ’ƒ'
            - '๐Ÿ•บ'
            - '๐Ÿ‘ฏโ€โ™€๏ธ'
            - '๐Ÿ‘ฏ'
            - '๐Ÿ‘ฏโ€โ™‚๏ธ'
            - '๐Ÿ•ด'
            - '๐Ÿ‘ฉโ€๐Ÿฆฝ'
            - '๐Ÿง‘โ€๐Ÿฆฝ'
            - '๐Ÿ‘จโ€๐Ÿฆฝ'
            - '๐Ÿ‘ฉโ€๐Ÿฆผ'
            - '๐Ÿง‘โ€๐Ÿฆผ'
            - '๐Ÿ‘จโ€๐Ÿฆผ'
            - '๐Ÿšถโ€โ™€๏ธ'
            - '๐Ÿšถ'
            - '๐Ÿšถโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉโ€๐Ÿฆฏ'
            - '๐Ÿง‘โ€๐Ÿฆฏ'
            - '๐Ÿ‘จโ€๐Ÿฆฏ'
            - '๐ŸงŽโ€โ™€๏ธ'
            - '๐ŸงŽ'
            - '๐ŸงŽโ€โ™‚๏ธ'
            - '๐Ÿƒโ€โ™€๏ธ'
            - '๐Ÿƒ'
            - '๐Ÿƒโ€โ™‚๏ธ'
            - '๐Ÿงโ€โ™€๏ธ'
            - '๐Ÿง'
            - '๐Ÿงโ€โ™‚๏ธ'
            - '๐Ÿ‘ญ'
            - '๐Ÿง‘โ€๐Ÿคโ€๐Ÿง‘'
            - '๐Ÿ‘ฌ'
            - '๐Ÿ‘ซ'
            - '๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ‘ฉ'
            - '๐Ÿ’‘'
            - '๐Ÿ‘จโ€โค๏ธโ€๐Ÿ‘จ'
            - '๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ‘จ'
            - '๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ’‹โ€๐Ÿ‘ฉ'
            - '๐Ÿ’'
            - '๐Ÿ‘จโ€โค๏ธโ€๐Ÿ’‹โ€๐Ÿ‘จ'
            - '๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ’‹โ€๐Ÿ‘จ'
            - '๐Ÿ‘ช'
            - '๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘ง'
            - '๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ง'
            - '๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘ง'
            - '๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ง'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘ง'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ง'
            - '๐Ÿ‘จโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘ง'
            - '๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ง'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘ฉโ€๐Ÿ‘ง'
            - '๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ'
            - '๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ง'
            - '๐Ÿ—ฃ'
            - '๐Ÿ‘ค'
            - '๐Ÿ‘ฅ'
            - '๐Ÿซ‚'
            - '๐Ÿงณ'
            - '๐ŸŒ‚'
            - 'โ˜‚๏ธ'
            - '๐Ÿงต'
            - '๐Ÿชก'
            - '๐Ÿชข'
            - '๐Ÿงถ'
            - '๐Ÿ‘“'
            - '๐Ÿ•ถ'
            - '๐Ÿฅฝ'
            - '๐Ÿฅผ'
            - '๐Ÿฆบ'
            - '๐Ÿ‘”'
            - '๐Ÿ‘•'
            - '๐Ÿ‘–'
            - '๐Ÿงฃ'
            - '๐Ÿงค'
            - '๐Ÿงฅ'
            - '๐Ÿงฆ'
            - '๐Ÿ‘—'
            - '๐Ÿ‘˜'
            - '๐Ÿฅป'
            - '๐Ÿฉด'
            - '๐Ÿฉฑ'
            - '๐Ÿฉฒ'
            - '๐Ÿฉณ'
            - '๐Ÿ‘™'
            - '๐Ÿ‘š'
            - '๐Ÿ‘›'
            - '๐Ÿ‘œ'
            - '๐Ÿ‘'
            - '๐ŸŽ’'
            - '๐Ÿ‘ž'
            - '๐Ÿ‘Ÿ'
            - '๐Ÿฅพ'
            - '๐Ÿฅฟ'
            - '๐Ÿ‘ '
            - '๐Ÿ‘ก'
            - '๐Ÿฉฐ'
            - '๐Ÿ‘ข'
            - '๐Ÿ‘‘'
            - '๐Ÿ‘’'
            - '๐ŸŽฉ'
            - '๐ŸŽ“'
            - '๐Ÿงข'
            - 'โ›‘'
            - '๐Ÿช–'
            - '๐Ÿ’„'
            - '๐Ÿ’'
            - '๐Ÿ’ผ'
            - '๐Ÿ‘‹๐Ÿป'
            - '๐Ÿคš๐Ÿป'
            - '๐Ÿ–๐Ÿป'
            - 'โœ‹๐Ÿป'
            - '๐Ÿ––๐Ÿป'
            - '๐Ÿ‘Œ๐Ÿป'
            - '๐ŸคŒ๐Ÿป'
            - '๐Ÿค๐Ÿป'
            - 'โœŒ๐Ÿป'
            - '๐Ÿคž๐Ÿป'
            - '๐Ÿซฐ๐Ÿป'
            - '๐ŸคŸ๐Ÿป'
            - '๐Ÿค˜๐Ÿป'
            - '๐Ÿค™๐Ÿป'
            - '๐Ÿซต๐Ÿป'
            - '๐Ÿซฑ๐Ÿป'
            - '๐Ÿซฒ๐Ÿป'
            - '๐Ÿซณ๐Ÿป'
            - '๐Ÿซด๐Ÿป'
            - '๐Ÿ‘ˆ๐Ÿป'
            - '๐Ÿ‘‰๐Ÿป'
            - '๐Ÿ‘†๐Ÿป'
            - '๐Ÿ–•๐Ÿป'
            - '๐Ÿ‘‡๐Ÿป'
            - 'โ˜๐Ÿป'
            - '๐Ÿ‘๐Ÿป'
            - '๐Ÿ‘Ž๐Ÿป'
            - 'โœŠ๐Ÿป'
            - '๐Ÿ‘Š๐Ÿป'
            - '๐Ÿค›๐Ÿป'
            - '๐Ÿคœ๐Ÿป'
            - '๐Ÿ‘๐Ÿป'
            - '๐Ÿซถ๐Ÿป'
            - '๐Ÿ™Œ๐Ÿป'
            - '๐Ÿ‘๐Ÿป'
            - '๐Ÿคฒ๐Ÿป'
            - '๐Ÿ™๐Ÿป'
            - 'โœ๐Ÿป'
            - '๐Ÿ’ช๐Ÿป'
            - '๐Ÿฆต๐Ÿป'
            - '๐Ÿฆถ๐Ÿป'
            - '๐Ÿ‘‚๐Ÿป'
            - '๐Ÿฆป๐Ÿป'
            - '๐Ÿ‘ƒ๐Ÿป'
            - '๐Ÿ‘ถ๐Ÿป'
            - '๐Ÿ‘ง๐Ÿป'
            - '๐Ÿง’๐Ÿป'
            - '๐Ÿ‘ฆ๐Ÿป'
            - '๐Ÿ‘ฉ๐Ÿป'
            - '๐Ÿง‘๐Ÿป'
            - '๐Ÿ‘จ๐Ÿป'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฑ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿฆฑ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฑ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฐ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿฆฐ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฐ'
            - '๐Ÿ‘ฑ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ‘ฑ๐Ÿป'
            - '๐Ÿ‘ฑ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆณ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿฆณ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿฆณ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฒ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿฆฒ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฒ'
            - '๐Ÿง”๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง”๐Ÿป'
            - '๐Ÿง”๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ต๐Ÿป'
            - '๐Ÿง“๐Ÿป'
            - '๐Ÿ‘ด๐Ÿป'
            - '๐Ÿ‘ฒ๐Ÿป'
            - '๐Ÿ‘ณ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ‘ณ๐Ÿป'
            - '๐Ÿ‘ณ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿง•๐Ÿป'
            - '๐Ÿ‘ฎ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ‘ฎ๐Ÿป'
            - '๐Ÿ‘ฎ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ท๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ‘ท๐Ÿป'
            - '๐Ÿ‘ท๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ’‚๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ’‚๐Ÿป'
            - '๐Ÿ’‚๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ•ต๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ•ต๐Ÿป'
            - '๐Ÿ•ต๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉ๐Ÿปโ€โš•๏ธ'
            - '๐Ÿง‘๐Ÿปโ€โš•๏ธ'
            - '๐Ÿ‘จ๐Ÿปโ€โš•๏ธ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐ŸŒพ'
            - '๐Ÿง‘๐Ÿปโ€๐ŸŒพ'
            - '๐Ÿ‘จ๐Ÿปโ€๐ŸŒพ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿณ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿณ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿณ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐ŸŽ“'
            - '๐Ÿง‘๐Ÿปโ€๐ŸŽ“'
            - '๐Ÿ‘จ๐Ÿปโ€๐ŸŽ“'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐ŸŽค'
            - '๐Ÿง‘๐Ÿปโ€๐ŸŽค'
            - '๐Ÿ‘จ๐Ÿปโ€๐ŸŽค'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿซ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿซ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿซ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿญ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿญ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿญ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ’ป'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿ’ป'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ป'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ’ผ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿ’ผ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ผ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ”ง'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿ”ง'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿ”ง'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ”ฌ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿ”ฌ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿ”ฌ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐ŸŽจ'
            - '๐Ÿง‘๐Ÿปโ€๐ŸŽจ'
            - '๐Ÿ‘จ๐Ÿปโ€๐ŸŽจ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿš’'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿš’'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿš’'
            - '๐Ÿ‘ฉ๐Ÿปโ€โœˆ๏ธ'
            - '๐Ÿง‘๐Ÿปโ€โœˆ๏ธ'
            - '๐Ÿ‘จ๐Ÿปโ€โœˆ๏ธ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿš€'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿš€'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿš€'
            - '๐Ÿ‘ฉ๐Ÿปโ€โš–๏ธ'
            - '๐Ÿง‘๐Ÿปโ€โš–๏ธ'
            - '๐Ÿ‘จ๐Ÿปโ€โš–๏ธ'
            - '๐Ÿ‘ฐ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ‘ฐ๐Ÿป'
            - '๐Ÿ‘ฐ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคต๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿคต๐Ÿป'
            - '๐Ÿคต๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ธ๐Ÿป'
            - '๐Ÿซ…๐Ÿป'
            - '๐Ÿคด๐Ÿป'
            - '๐Ÿฅท๐Ÿป'
            - '๐Ÿฆธ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿฆธ๐Ÿป'
            - '๐Ÿฆธ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿฆน๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿฆน๐Ÿป'
            - '๐Ÿฆน๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคถ๐Ÿป'
            - '๐Ÿง‘๐Ÿปโ€๐ŸŽ„'
            - '๐ŸŽ…๐Ÿป'
            - '๐Ÿง™๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง™๐Ÿป'
            - '๐Ÿง™๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿง๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง๐Ÿป'
            - '๐Ÿง๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿง›๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง›๐Ÿป'
            - '๐Ÿง›๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿงœ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿงœ๐Ÿป'
            - '๐Ÿงœ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿงš๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿงš๐Ÿป'
            - '๐Ÿงš๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ผ๐Ÿป'
            - '๐Ÿคฐ๐Ÿป'
            - '๐Ÿซ„๐Ÿป'
            - '๐Ÿซƒ๐Ÿป'
            - '๐Ÿคฑ๐Ÿป'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿผ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿผ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿผ'
            - '๐Ÿ™‡๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ™‡๐Ÿป'
            - '๐Ÿ™‡๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ’๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ’๐Ÿป'
            - '๐Ÿ’๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ™…๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ™…๐Ÿป'
            - '๐Ÿ™…๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ™†๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ™†๐Ÿป'
            - '๐Ÿ™†๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ™‹๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ™‹๐Ÿป'
            - '๐Ÿ™‹๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿง๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง๐Ÿป'
            - '๐Ÿง๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคฆ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿคฆ๐Ÿป'
            - '๐Ÿคฆ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคท๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿคท๐Ÿป'
            - '๐Ÿคท๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ™Ž๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ™Ž๐Ÿป'
            - '๐Ÿ™Ž๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ™๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ™๐Ÿป'
            - '๐Ÿ™๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ’‡๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ’‡๐Ÿป'
            - '๐Ÿ’‡๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ’†๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ’†๐Ÿป'
            - '๐Ÿ’†๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿง–๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง–๐Ÿป'
            - '๐Ÿง–๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ’ƒ๐Ÿป'
            - '๐Ÿ•บ๐Ÿป'
            - '๐Ÿ•ด๐Ÿป'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฝ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿฆฝ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฝ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆผ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿฆผ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿฆผ'
            - '๐Ÿšถ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿšถ๐Ÿป'
            - '๐Ÿšถ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฏ'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿฆฏ'
            - '๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฏ'
            - '๐ŸงŽ๐Ÿปโ€โ™€๏ธ'
            - '๐ŸงŽ๐Ÿป'
            - '๐ŸงŽ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿƒ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿƒ๐Ÿป'
            - '๐Ÿƒ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿง๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง๐Ÿป'
            - '๐Ÿง๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‘ญ๐Ÿป'
            - '๐Ÿง‘๐Ÿปโ€๐Ÿคโ€๐Ÿง‘๐Ÿป'
            - '๐Ÿ‘ฌ๐Ÿป'
            - '๐Ÿ‘ซ๐Ÿป'
            - '๐Ÿง—๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง—๐Ÿป'
            - '๐Ÿง—๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‡๐Ÿป'
            - '๐Ÿ‚๐Ÿป'
            - '๐ŸŒ๐Ÿปโ€โ™€๏ธ'
            - '๐ŸŒ๐Ÿป'
            - '๐ŸŒ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ„๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ„๐Ÿป'
            - '๐Ÿ„๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿšฃ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿšฃ๐Ÿป'
            - '๐Ÿšฃ๐Ÿปโ€โ™‚๏ธ'
            - '๐ŸŠ๐Ÿปโ€โ™€๏ธ'
            - '๐ŸŠ๐Ÿป'
            - '๐ŸŠ๐Ÿปโ€โ™‚๏ธ'
            - 'โ›น๐Ÿปโ€โ™€๏ธ'
            - 'โ›น๐Ÿป'
            - 'โ›น๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ‹๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿ‹๐Ÿป'
            - '๐Ÿ‹๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿšด๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿšด๐Ÿป'
            - '๐Ÿšด๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿšต๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿšต๐Ÿป'
            - '๐Ÿšต๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคธ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿคธ๐Ÿป'
            - '๐Ÿคธ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคฝ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿคฝ๐Ÿป'
            - '๐Ÿคฝ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคพ๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿคพ๐Ÿป'
            - '๐Ÿคพ๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿคน๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿคน๐Ÿป'
            - '๐Ÿคน๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿง˜๐Ÿปโ€โ™€๏ธ'
            - '๐Ÿง˜๐Ÿป'
            - '๐Ÿง˜๐Ÿปโ€โ™‚๏ธ'
            - '๐Ÿ›€๐Ÿป'
            - '๐Ÿ›Œ๐Ÿป'
            - '๐Ÿ‘‹๐Ÿผ'
            - '๐Ÿคš๐Ÿผ'
            - '๐Ÿ–๐Ÿผ'
            - 'โœ‹๐Ÿผ'
            - '๐Ÿ––๐Ÿผ'
            - '๐Ÿ‘Œ๐Ÿผ'
            - '๐ŸคŒ๐Ÿผ'
            - '๐Ÿค๐Ÿผ'
            - 'โœŒ๐Ÿผ'
            - '๐Ÿคž๐Ÿผ'
            - '๐Ÿซฐ๐Ÿผ'
            - '๐ŸคŸ๐Ÿผ'
            - '๐Ÿค˜๐Ÿผ'
            - '๐Ÿค™๐Ÿผ'
            - '๐Ÿซต๐Ÿผ'
            - '๐Ÿซฑ๐Ÿผ'
            - '๐Ÿซฒ๐Ÿผ'
            - '๐Ÿซณ๐Ÿผ'
            - '๐Ÿซด๐Ÿผ'
            - '๐Ÿ‘ˆ๐Ÿผ'
            - '๐Ÿ‘‰๐Ÿผ'
            - '๐Ÿ‘†๐Ÿผ'
            - '๐Ÿ–•๐Ÿผ'
            - '๐Ÿ‘‡๐Ÿผ'
            - 'โ˜๐Ÿผ'
            - '๐Ÿ‘๐Ÿผ'
            - '๐Ÿ‘Ž๐Ÿผ'
            - 'โœŠ๐Ÿผ'
            - '๐Ÿ‘Š๐Ÿผ'
            - '๐Ÿค›๐Ÿผ'
            - '๐Ÿคœ๐Ÿผ'
            - '๐Ÿ‘๐Ÿผ'
            - '๐Ÿซถ๐Ÿผ'
            - '๐Ÿ™Œ๐Ÿผ'
            - '๐Ÿ‘๐Ÿผ'
            - '๐Ÿคฒ๐Ÿผ'
            - '๐Ÿ™๐Ÿผ'
            - 'โœ๐Ÿผ'
            - '๐Ÿ’ช๐Ÿผ'
            - '๐Ÿฆต๐Ÿผ'
            - '๐Ÿฆถ๐Ÿผ'
            - '๐Ÿ‘‚๐Ÿผ'
            - '๐Ÿฆป๐Ÿผ'
            - '๐Ÿ‘ƒ๐Ÿผ'
            - '๐Ÿ‘ถ๐Ÿผ'
            - '๐Ÿ‘ง๐Ÿผ'
            - '๐Ÿง’๐Ÿผ'
            - '๐Ÿ‘ฆ๐Ÿผ'
            - '๐Ÿ‘ฉ๐Ÿผ'
            - '๐Ÿง‘๐Ÿผ'
            - '๐Ÿ‘จ๐Ÿผ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆฑ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿฆฑ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿฆฑ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆฐ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿฆฐ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿฆฐ'
            - '๐Ÿ‘ฑ๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ‘ฑ๐Ÿผ'
            - '๐Ÿ‘ฑ๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆณ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿฆณ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿฆณ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆฒ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿฆฒ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿฆฒ'
            - '๐Ÿง”๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿง”๐Ÿผ'
            - '๐Ÿง”๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ‘ต๐Ÿผ'
            - '๐Ÿง“๐Ÿผ'
            - '๐Ÿ‘ด๐Ÿผ'
            - '๐Ÿ‘ฒ๐Ÿผ'
            - '๐Ÿ‘ณ๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ‘ณ๐Ÿผ'
            - '๐Ÿ‘ณ๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿง•๐Ÿผ'
            - '๐Ÿ‘ฎ๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ‘ฎ๐Ÿผ'
            - '๐Ÿ‘ฎ๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ‘ท๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ‘ท๐Ÿผ'
            - '๐Ÿ‘ท๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ’‚๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ’‚๐Ÿผ'
            - '๐Ÿ’‚๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ•ต๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ•ต๐Ÿผ'
            - '๐Ÿ•ต๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ‘ฉ๐Ÿผโ€โš•๏ธ'
            - '๐Ÿง‘๐Ÿผโ€โš•๏ธ'
            - '๐Ÿ‘จ๐Ÿผโ€โš•๏ธ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐ŸŒพ'
            - '๐Ÿง‘๐Ÿผโ€๐ŸŒพ'
            - '๐Ÿ‘จ๐Ÿผโ€๐ŸŒพ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿณ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿณ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿณ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐ŸŽ“'
            - '๐Ÿง‘๐Ÿผโ€๐ŸŽ“'
            - '๐Ÿ‘จ๐Ÿผโ€๐ŸŽ“'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐ŸŽค'
            - '๐Ÿง‘๐Ÿผโ€๐ŸŽค'
            - '๐Ÿ‘จ๐Ÿผโ€๐ŸŽค'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿซ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿซ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿซ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿญ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿญ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿญ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ’ป'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿ’ป'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿ’ป'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ’ผ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿ’ผ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿ’ผ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ”ง'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿ”ง'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿ”ง'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ”ฌ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿ”ฌ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿ”ฌ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐ŸŽจ'
            - '๐Ÿง‘๐Ÿผโ€๐ŸŽจ'
            - '๐Ÿ‘จ๐Ÿผโ€๐ŸŽจ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿš’'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿš’'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿš’'
            - '๐Ÿ‘ฉ๐Ÿผโ€โœˆ๏ธ'
            - '๐Ÿง‘๐Ÿผโ€โœˆ๏ธ'
            - '๐Ÿ‘จ๐Ÿผโ€โœˆ๏ธ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿš€'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿš€'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿš€'
            - '๐Ÿ‘ฉ๐Ÿผโ€โš–๏ธ'
            - '๐Ÿง‘๐Ÿผโ€โš–๏ธ'
            - '๐Ÿ‘จ๐Ÿผโ€โš–๏ธ'
            - '๐Ÿ‘ฐ๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ‘ฐ๐Ÿผ'
            - '๐Ÿ‘ฐ๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿคต๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿคต๐Ÿผ'
            - '๐Ÿคต๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ‘ธ๐Ÿผ'
            - '๐Ÿซ…๐Ÿผ'
            - '๐Ÿคด๐Ÿผ'
            - '๐Ÿฅท๐Ÿผ'
            - '๐Ÿฆธ๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿฆธ๐Ÿผ'
            - '๐Ÿฆธ๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿฆน๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿฆน๐Ÿผ'
            - '๐Ÿฆน๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿคถ๐Ÿผ'
            - '๐Ÿง‘๐Ÿผโ€๐ŸŽ„'
            - '๐ŸŽ…๐Ÿผ'
            - '๐Ÿง™๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿง™๐Ÿผ'
            - '๐Ÿง™๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿง๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿง๐Ÿผ'
            - '๐Ÿง๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿง›๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿง›๐Ÿผ'
            - '๐Ÿง›๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿงœ๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿงœ๐Ÿผ'
            - '๐Ÿงœ๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿงš๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿงš๐Ÿผ'
            - '๐Ÿงš๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ‘ผ๐Ÿผ'
            - '๐Ÿคฐ๐Ÿผ'
            - '๐Ÿซ„๐Ÿผ'
            - '๐Ÿซƒ๐Ÿผ'
            - '๐Ÿคฑ๐Ÿผ'
            - '๐Ÿ‘ฉ๐Ÿผโ€๐Ÿผ'
            - '๐Ÿง‘๐Ÿผโ€๐Ÿผ'
            - '๐Ÿ‘จ๐Ÿผโ€๐Ÿผ'
            - '๐Ÿ™‡๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ™‡๐Ÿผ'
            - '๐Ÿ™‡๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ’๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ’๐Ÿผ'
            - '๐Ÿ’๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ™…๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ™…๐Ÿผ'
            - '๐Ÿ™…๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ™†๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ™†๐Ÿผ'
            - '๐Ÿ™†๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿ™‹๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿ™‹๐Ÿผ'
            - '๐Ÿ™‹๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿง๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿง๐Ÿผ'
            - '๐Ÿง๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿคฆ๐Ÿผโ€โ™€๏ธ'
            - '๐Ÿคฆ๐Ÿผ'
            - '๐Ÿคฆ๐Ÿผโ€โ™‚๏ธ'
            - '๐Ÿคท๐Ÿผโ€โ™€๏ธ'
    condition: selection
falsepositives:
    - Unknown
level: high

KQL (Azure Sentinel)

imProcessCreate
| where TargetProcessCommandLine contains "๐Ÿ˜€" or TargetProcessCommandLine contains "๐Ÿ˜ƒ" or TargetProcessCommandLine contains "๐Ÿ˜„" or TargetProcessCommandLine contains "๐Ÿ˜" or TargetProcessCommandLine contains "๐Ÿ˜†" or TargetProcessCommandLine contains "๐Ÿ˜…" or TargetProcessCommandLine contains "๐Ÿ˜‚" or TargetProcessCommandLine contains "๐Ÿคฃ" or TargetProcessCommandLine contains "๐Ÿฅฒ" or TargetProcessCommandLine contains "๐Ÿฅน" or TargetProcessCommandLine contains "โ˜บ๏ธ" or TargetProcessCommandLine contains "๐Ÿ˜Š" or TargetProcessCommandLine contains "๐Ÿ˜‡" or TargetProcessCommandLine contains "๐Ÿ™‚" or TargetProcessCommandLine contains "๐Ÿ™ƒ" or TargetProcessCommandLine contains "๐Ÿ˜‰" or TargetProcessCommandLine contains "๐Ÿ˜Œ" or TargetProcessCommandLine contains "๐Ÿ˜" or TargetProcessCommandLine contains "๐Ÿฅฐ" or TargetProcessCommandLine contains "๐Ÿ˜˜" or TargetProcessCommandLine contains "๐Ÿ˜—" or TargetProcessCommandLine contains "๐Ÿ˜™" or TargetProcessCommandLine contains "๐Ÿ˜š" or TargetProcessCommandLine contains "๐Ÿ˜‹" or TargetProcessCommandLine contains "๐Ÿ˜›" or TargetProcessCommandLine contains "๐Ÿ˜" or TargetProcessCommandLine contains "๐Ÿ˜œ" or TargetProcessCommandLine contains "๐Ÿคช" or TargetProcessCommandLine contains "๐Ÿคจ" or TargetProcessCommandLine contains "๐Ÿง" or TargetProcessCommandLine contains "๐Ÿค“" or TargetProcessCommandLine contains "๐Ÿ˜Ž" or TargetProcessCommandLine contains "๐Ÿฅธ" or TargetProcessCommandLine contains "๐Ÿคฉ" or TargetProcessCommandLine contains "๐Ÿฅณ" or TargetProcessCommandLine contains "๐Ÿ˜" or TargetProcessCommandLine contains "๐Ÿ˜’" or TargetProcessCommandLine contains "๐Ÿ˜ž" or TargetProcessCommandLine contains "๐Ÿ˜”" or TargetProcessCommandLine contains "๐Ÿ˜Ÿ" or TargetProcessCommandLine contains "๐Ÿ˜•" or TargetProcessCommandLine contains "๐Ÿ™" or TargetProcessCommandLine contains "โ˜น๏ธ" or TargetProcessCommandLine contains "๐Ÿ˜ฃ" or TargetProcessCommandLine contains "๐Ÿ˜–" or TargetProcessCommandLine contains "๐Ÿ˜ซ" or TargetProcessCommandLine contains "๐Ÿ˜ฉ" or TargetProcessCommandLine contains "๐Ÿฅบ" or TargetProcessCommandLine contains "๐Ÿ˜ข" or TargetProcessCommandLine contains "๐Ÿ˜ญ" or TargetProcessCommandLine contains "๐Ÿ˜ฎโ€๐Ÿ’จ" or TargetProcessCommandLine contains "๐Ÿ˜ค" or TargetProcessCommandLine contains "๐Ÿ˜ " or TargetProcessCommandLine contains "๐Ÿ˜ก" or TargetProcessCommandLine contains "๐Ÿคฌ" or TargetProcessCommandLine contains "๐Ÿคฏ" or TargetProcessCommandLine contains "๐Ÿ˜ณ" or TargetProcessCommandLine contains "๐Ÿฅต" or TargetProcessCommandLine contains "๐Ÿฅถ" or TargetProcessCommandLine contains "๐Ÿ˜ฑ" or TargetProcessCommandLine contains "๐Ÿ˜จ" or TargetProcessCommandLine contains "๐Ÿ˜ฐ" or TargetProcessCommandLine contains "๐Ÿ˜ฅ" or TargetProcessCommandLine contains "๐Ÿ˜“" or TargetProcessCommandLine contains "๐Ÿซฃ" or TargetProcessCommandLine contains "๐Ÿค—" or TargetProcessCommandLine contains "๐Ÿซก" or TargetProcessCommandLine contains "๐Ÿค”" or TargetProcessCommandLine contains "๐Ÿซข" or TargetProcessCommandLine contains "๐Ÿคญ" or TargetProcessCommandLine contains "๐Ÿคซ" or TargetProcessCommandLine contains "๐Ÿคฅ" or TargetProcessCommandLine contains "๐Ÿ˜ถ" or TargetProcessCommandLine contains "๐Ÿ˜ถโ€๐ŸŒซ๏ธ" or TargetProcessCommandLine contains "๐Ÿ˜" or TargetProcessCommandLine contains "๐Ÿ˜‘" or TargetProcessCommandLine contains "๐Ÿ˜ฌ" or TargetProcessCommandLine contains "๐Ÿซ " or TargetProcessCommandLine contains "๐Ÿ™„" or TargetProcessCommandLine contains "๐Ÿ˜ฏ" or TargetProcessCommandLine contains "๐Ÿ˜ฆ" or TargetProcessCommandLine contains "๐Ÿ˜ง" or TargetProcessCommandLine contains "๐Ÿ˜ฎ" or TargetProcessCommandLine contains "๐Ÿ˜ฒ" or TargetProcessCommandLine contains "๐Ÿฅฑ" or TargetProcessCommandLine contains "๐Ÿ˜ด" or TargetProcessCommandLine contains "๐Ÿคค" or TargetProcessCommandLine contains "๐Ÿ˜ช" or TargetProcessCommandLine contains "๐Ÿ˜ต" or TargetProcessCommandLine contains "๐Ÿ˜ตโ€๐Ÿ’ซ" or TargetProcessCommandLine contains "๐Ÿซฅ" or TargetProcessCommandLine contains "๐Ÿค" or TargetProcessCommandLine contains "๐Ÿฅด" or TargetProcessCommandLine contains "๐Ÿคข" or TargetProcessCommandLine contains "๐Ÿคฎ" or TargetProcessCommandLine contains "๐Ÿคง" or TargetProcessCommandLine contains "๐Ÿ˜ท" or TargetProcessCommandLine contains "๐Ÿค’" or TargetProcessCommandLine contains "๐Ÿค•" or TargetProcessCommandLine contains "๐Ÿค‘" or TargetProcessCommandLine contains "๐Ÿค " or TargetProcessCommandLine contains "๐Ÿ˜ˆ" or TargetProcessCommandLine contains "๐Ÿ‘ฟ" or TargetProcessCommandLine contains "๐Ÿ‘น" or TargetProcessCommandLine contains "๐Ÿ‘บ" or TargetProcessCommandLine contains "๐Ÿคก" or TargetProcessCommandLine contains "๐Ÿ’ฉ" or TargetProcessCommandLine contains "๐Ÿ‘ป" or TargetProcessCommandLine contains "๐Ÿ’€" or TargetProcessCommandLine contains "โ˜ ๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฝ" or TargetProcessCommandLine contains "๐Ÿ‘พ" or TargetProcessCommandLine contains "๐Ÿค–" or TargetProcessCommandLine contains "๐ŸŽƒ" or TargetProcessCommandLine contains "๐Ÿ˜บ" or TargetProcessCommandLine contains "๐Ÿ˜ธ" or TargetProcessCommandLine contains "๐Ÿ˜น" or TargetProcessCommandLine contains "๐Ÿ˜ป" or TargetProcessCommandLine contains "๐Ÿ˜ผ" or TargetProcessCommandLine contains "๐Ÿ˜ฝ" or TargetProcessCommandLine contains "๐Ÿ™€" or TargetProcessCommandLine contains "๐Ÿ˜ฟ" or TargetProcessCommandLine contains "๐Ÿ˜พ" or TargetProcessCommandLine contains "๐Ÿ‘‹" or TargetProcessCommandLine contains "๐Ÿคš" or TargetProcessCommandLine contains "๐Ÿ–" or TargetProcessCommandLine contains "โœ‹" or TargetProcessCommandLine contains "๐Ÿ––" or TargetProcessCommandLine contains "๐Ÿ‘Œ" or TargetProcessCommandLine contains "๐ŸคŒ" or TargetProcessCommandLine contains "๐Ÿค" or TargetProcessCommandLine contains "โœŒ๏ธ" or TargetProcessCommandLine contains "๐Ÿคž" or TargetProcessCommandLine contains "๐Ÿซฐ" or TargetProcessCommandLine contains "๐ŸคŸ" or TargetProcessCommandLine contains "๐Ÿค˜" or TargetProcessCommandLine contains "๐Ÿค™" or TargetProcessCommandLine contains "๐Ÿซต" or TargetProcessCommandLine contains "๐Ÿซฑ" or TargetProcessCommandLine contains "๐Ÿซฒ" or TargetProcessCommandLine contains "๐Ÿซณ" or TargetProcessCommandLine contains "๐Ÿซด" or TargetProcessCommandLine contains "๐Ÿ‘ˆ" or TargetProcessCommandLine contains "๐Ÿ‘‰" or TargetProcessCommandLine contains "๐Ÿ‘†" or TargetProcessCommandLine contains "๐Ÿ–•" or TargetProcessCommandLine contains "๐Ÿ‘‡" or TargetProcessCommandLine contains "โ˜๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘" or TargetProcessCommandLine contains "๐Ÿ‘Ž" or TargetProcessCommandLine contains "โœŠ" or TargetProcessCommandLine contains "๐Ÿ‘Š" or TargetProcessCommandLine contains "๐Ÿค›" or TargetProcessCommandLine contains "๐Ÿคœ" or TargetProcessCommandLine contains "๐Ÿ‘" or TargetProcessCommandLine contains "๐Ÿซถ" or TargetProcessCommandLine contains "๐Ÿ™Œ" or TargetProcessCommandLine contains "๐Ÿ‘" or TargetProcessCommandLine contains "๐Ÿคฒ" or TargetProcessCommandLine contains "๐Ÿค" or TargetProcessCommandLine contains "๐Ÿ™" or TargetProcessCommandLine contains "โœ๏ธ" or TargetProcessCommandLine contains "๐Ÿ’ช" or TargetProcessCommandLine contains "๐Ÿฆพ" or TargetProcessCommandLine contains "๐Ÿฆต" or TargetProcessCommandLine contains "๐Ÿฆฟ" or TargetProcessCommandLine contains "๐Ÿฆถ" or TargetProcessCommandLine contains "๐Ÿ‘ฃ" or TargetProcessCommandLine contains "๐Ÿ‘‚" or TargetProcessCommandLine contains "๐Ÿฆป" or TargetProcessCommandLine contains "๐Ÿ‘ƒ" or TargetProcessCommandLine contains "๐Ÿซ€" or TargetProcessCommandLine contains "๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿง " or TargetProcessCommandLine contains "๐Ÿฆท" or TargetProcessCommandLine contains "๐Ÿฆด" or TargetProcessCommandLine contains "๐Ÿ‘€" or TargetProcessCommandLine contains "๐Ÿ‘" or TargetProcessCommandLine contains "๐Ÿ‘…" or TargetProcessCommandLine contains "๐Ÿ‘„" or TargetProcessCommandLine contains "๐Ÿซฆ" or TargetProcessCommandLine contains "๐Ÿ’‹" or TargetProcessCommandLine contains "๐Ÿฉธ" or TargetProcessCommandLine contains "๐Ÿ‘ถ" or TargetProcessCommandLine contains "๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿง’" or TargetProcessCommandLine contains "๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ" or TargetProcessCommandLine contains "๐Ÿง‘" or TargetProcessCommandLine contains "๐Ÿ‘จ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿ‘ฑโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฑ" or TargetProcessCommandLine contains "๐Ÿ‘ฑโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿง”โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง”" or TargetProcessCommandLine contains "๐Ÿง”โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ต" or TargetProcessCommandLine contains "๐Ÿง“" or TargetProcessCommandLine contains "๐Ÿ‘ด" or TargetProcessCommandLine contains "๐Ÿ‘ฒ" or TargetProcessCommandLine contains "๐Ÿ‘ณโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ณ" or TargetProcessCommandLine contains "๐Ÿ‘ณโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง•" or TargetProcessCommandLine contains "๐Ÿ‘ฎโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฎ" or TargetProcessCommandLine contains "๐Ÿ‘ฎโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ทโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ท" or TargetProcessCommandLine contains "๐Ÿ‘ทโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‚โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‚" or TargetProcessCommandLine contains "๐Ÿ’‚โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ต๏ธโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ต๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ต๏ธโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘โ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘โ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘โ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฐโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฐ" or TargetProcessCommandLine contains "๐Ÿ‘ฐโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคตโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคต" or TargetProcessCommandLine contains "๐Ÿคตโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ธ" or TargetProcessCommandLine contains "๐Ÿซ…" or TargetProcessCommandLine contains "๐Ÿคด" or TargetProcessCommandLine contains "๐Ÿฅท" or TargetProcessCommandLine contains "๐Ÿฆธโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿฆธ" or TargetProcessCommandLine contains "๐Ÿฆธโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿฆนโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿฆน" or TargetProcessCommandLine contains "๐Ÿฆนโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคถ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐ŸŽ„" or TargetProcessCommandLine contains "๐ŸŽ…" or TargetProcessCommandLine contains "๐Ÿง™โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง™" or TargetProcessCommandLine contains "๐Ÿง™โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง" or TargetProcessCommandLine contains "๐Ÿงโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง›โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง›" or TargetProcessCommandLine contains "๐Ÿง›โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐ŸงŸโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐ŸงŸ" or TargetProcessCommandLine contains "๐ŸงŸโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงžโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿงž" or TargetProcessCommandLine contains "๐Ÿงžโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงœโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿงœ" or TargetProcessCommandLine contains "๐Ÿงœโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงšโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿงš" or TargetProcessCommandLine contains "๐Ÿงšโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐ŸงŒ" or TargetProcessCommandLine contains "๐Ÿ‘ผ" or TargetProcessCommandLine contains "๐Ÿคฐ" or TargetProcessCommandLine contains "๐Ÿซ„" or TargetProcessCommandLine contains "๐Ÿซƒ" or TargetProcessCommandLine contains "๐Ÿคฑ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™‡โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‡" or TargetProcessCommandLine contains "๐Ÿ™‡โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’" or TargetProcessCommandLine contains "๐Ÿ’โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™…โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™…" or TargetProcessCommandLine contains "๐Ÿ™…โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™†โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™†" or TargetProcessCommandLine contains "๐Ÿ™†โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‹โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‹" or TargetProcessCommandLine contains "๐Ÿ™‹โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง" or TargetProcessCommandLine contains "๐Ÿงโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคฆโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคฆ" or TargetProcessCommandLine contains "๐Ÿคฆโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคทโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคท" or TargetProcessCommandLine contains "๐Ÿคทโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™Žโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™Ž" or TargetProcessCommandLine contains "๐Ÿ™Žโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™" or TargetProcessCommandLine contains "๐Ÿ™โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‡โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‡" or TargetProcessCommandLine contains "๐Ÿ’‡โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’†โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’†" or TargetProcessCommandLine contains "๐Ÿ’†โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง–โ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง–" or TargetProcessCommandLine contains "๐Ÿง–โ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’…" or TargetProcessCommandLine contains "๐Ÿ’ƒ" or TargetProcessCommandLine contains "๐Ÿ•บ" or TargetProcessCommandLine contains "๐Ÿ‘ฏโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฏ" or TargetProcessCommandLine contains "๐Ÿ‘ฏโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ด" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿฆฝ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿฆฝ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿฆฝ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿฆผ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿฆผ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿฆผ" or TargetProcessCommandLine contains "๐Ÿšถโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿšถ" or TargetProcessCommandLine contains "๐Ÿšถโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿฆฏ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿฆฏ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿฆฏ" or TargetProcessCommandLine contains "๐ŸงŽโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐ŸงŽ" or TargetProcessCommandLine contains "๐ŸงŽโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿƒโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿƒ" or TargetProcessCommandLine contains "๐Ÿƒโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง" or TargetProcessCommandLine contains "๐Ÿงโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ญ" or TargetProcessCommandLine contains "๐Ÿง‘โ€๐Ÿคโ€๐Ÿง‘" or TargetProcessCommandLine contains "๐Ÿ‘ฌ" or TargetProcessCommandLine contains "๐Ÿ‘ซ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ‘ฉ" or TargetProcessCommandLine contains "๐Ÿ’‘" or TargetProcessCommandLine contains "๐Ÿ‘จโ€โค๏ธโ€๐Ÿ‘จ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ‘จ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ’‹โ€๐Ÿ‘ฉ" or TargetProcessCommandLine contains "๐Ÿ’" or TargetProcessCommandLine contains "๐Ÿ‘จโ€โค๏ธโ€๐Ÿ’‹โ€๐Ÿ‘จ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€โค๏ธโ€๐Ÿ’‹โ€๐Ÿ‘จ" or TargetProcessCommandLine contains "๐Ÿ‘ช" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘จโ€๐Ÿ‘งโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ฆโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ" or TargetProcessCommandLine contains "๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ง" or TargetProcessCommandLine contains "๐Ÿ—ฃ" or TargetProcessCommandLine contains "๐Ÿ‘ค" or TargetProcessCommandLine contains "๐Ÿ‘ฅ" or TargetProcessCommandLine contains "๐Ÿซ‚" or TargetProcessCommandLine contains "๐Ÿงณ" or TargetProcessCommandLine contains "๐ŸŒ‚" or TargetProcessCommandLine contains "โ˜‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงต" or TargetProcessCommandLine contains "๐Ÿชก" or TargetProcessCommandLine contains "๐Ÿชข" or TargetProcessCommandLine contains "๐Ÿงถ" or TargetProcessCommandLine contains "๐Ÿ‘“" or TargetProcessCommandLine contains "๐Ÿ•ถ" or TargetProcessCommandLine contains "๐Ÿฅฝ" or TargetProcessCommandLine contains "๐Ÿฅผ" or TargetProcessCommandLine contains "๐Ÿฆบ" or TargetProcessCommandLine contains "๐Ÿ‘”" or TargetProcessCommandLine contains "๐Ÿ‘•" or TargetProcessCommandLine contains "๐Ÿ‘–" or TargetProcessCommandLine contains "๐Ÿงฃ" or TargetProcessCommandLine contains "๐Ÿงค" or TargetProcessCommandLine contains "๐Ÿงฅ" or TargetProcessCommandLine contains "๐Ÿงฆ" or TargetProcessCommandLine contains "๐Ÿ‘—" or TargetProcessCommandLine contains "๐Ÿ‘˜" or TargetProcessCommandLine contains "๐Ÿฅป" or TargetProcessCommandLine contains "๐Ÿฉด" or TargetProcessCommandLine contains "๐Ÿฉฑ" or TargetProcessCommandLine contains "๐Ÿฉฒ" or TargetProcessCommandLine contains "๐Ÿฉณ" or TargetProcessCommandLine contains "๐Ÿ‘™" or TargetProcessCommandLine contains "๐Ÿ‘š" or TargetProcessCommandLine contains "๐Ÿ‘›" or TargetProcessCommandLine contains "๐Ÿ‘œ" or TargetProcessCommandLine contains "๐Ÿ‘" or TargetProcessCommandLine contains "๐ŸŽ’" or TargetProcessCommandLine contains "๐Ÿ‘ž" or TargetProcessCommandLine contains "๐Ÿ‘Ÿ" or TargetProcessCommandLine contains "๐Ÿฅพ" or TargetProcessCommandLine contains "๐Ÿฅฟ" or TargetProcessCommandLine contains "๐Ÿ‘ " or TargetProcessCommandLine contains "๐Ÿ‘ก" or TargetProcessCommandLine contains "๐Ÿฉฐ" or TargetProcessCommandLine contains "๐Ÿ‘ข" or TargetProcessCommandLine contains "๐Ÿ‘‘" or TargetProcessCommandLine contains "๐Ÿ‘’" or TargetProcessCommandLine contains "๐ŸŽฉ" or TargetProcessCommandLine contains "๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿงข" or TargetProcessCommandLine contains "โ›‘" or TargetProcessCommandLine contains "๐Ÿช–" or TargetProcessCommandLine contains "๐Ÿ’„" or TargetProcessCommandLine contains "๐Ÿ’" or TargetProcessCommandLine contains "๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿ‘‹๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคš๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ–๐Ÿป" or TargetProcessCommandLine contains "โœ‹๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ––๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘Œ๐Ÿป" or TargetProcessCommandLine contains "๐ŸคŒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿค๐Ÿป" or TargetProcessCommandLine contains "โœŒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคž๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซฐ๐Ÿป" or TargetProcessCommandLine contains "๐ŸคŸ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿค˜๐Ÿป" or TargetProcessCommandLine contains "๐Ÿค™๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซต๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซฑ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซฒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซณ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซด๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ˆ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘‰๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘†๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ–•๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘‡๐Ÿป" or TargetProcessCommandLine contains "โ˜๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘Ž๐Ÿป" or TargetProcessCommandLine contains "โœŠ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘Š๐Ÿป" or TargetProcessCommandLine contains "๐Ÿค›๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคœ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซถ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™Œ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคฒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™๐Ÿป" or TargetProcessCommandLine contains "โœ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ’ช๐Ÿป" or TargetProcessCommandLine contains "๐Ÿฆต๐Ÿป" or TargetProcessCommandLine contains "๐Ÿฆถ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘‚๐Ÿป" or TargetProcessCommandLine contains "๐Ÿฆป๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ƒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ถ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ง๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง’๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฆ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿ‘ฑ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฑ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฑ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿง”๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง”๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง”๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ต๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง“๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ด๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ณ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ณ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ณ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง•๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฎ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฎ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฎ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ท๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ท๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ท๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‚๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‚๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ’‚๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ต๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ต๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ•ต๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฐ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฐ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฐ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคต๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคต๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคต๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ธ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซ…๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคด๐Ÿป" or TargetProcessCommandLine contains "๐Ÿฅท๐Ÿป" or TargetProcessCommandLine contains "๐Ÿฆธ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿฆธ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿฆธ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿฆน๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿฆน๐Ÿป" or TargetProcessCommandLine contains "๐Ÿฆน๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคถ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐ŸŽ„" or TargetProcessCommandLine contains "๐ŸŽ…๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง™๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง™๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง™๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง›๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง›๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง›๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงœ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿงœ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿงœ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงš๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿงš๐Ÿป" or TargetProcessCommandLine contains "๐Ÿงš๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ผ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคฐ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซ„๐Ÿป" or TargetProcessCommandLine contains "๐Ÿซƒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคฑ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™‡๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‡๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™‡๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ’๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™…๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™…๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™…๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™†๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™†๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™†๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‹๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‹๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™‹๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคฆ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคฆ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคฆ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคท๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคท๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคท๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™Ž๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™Ž๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™Ž๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ™๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‡๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‡๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ’‡๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’†๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’†๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ’†๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง–๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง–๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง–๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’ƒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ•บ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ•ด๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฝ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿฆฝ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฝ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆผ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿฆผ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿฆผ" or TargetProcessCommandLine contains "๐Ÿšถ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿšถ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿšถ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿปโ€๐Ÿฆฏ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿฆฏ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿปโ€๐Ÿฆฏ" or TargetProcessCommandLine contains "๐ŸงŽ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐ŸงŽ๐Ÿป" or TargetProcessCommandLine contains "๐ŸงŽ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿƒ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿƒ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿƒ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ญ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿปโ€๐Ÿคโ€๐Ÿง‘๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ฌ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘ซ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง—๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง—๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง—๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‡๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‚๐Ÿป" or TargetProcessCommandLine contains "๐ŸŒ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐ŸŒ๐Ÿป" or TargetProcessCommandLine contains "๐ŸŒ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ„๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ„๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ„๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿšฃ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿšฃ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿšฃ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐ŸŠ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐ŸŠ๐Ÿป" or TargetProcessCommandLine contains "๐ŸŠ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "โ›น๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "โ›น๐Ÿป" or TargetProcessCommandLine contains "โ›น๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‹๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‹๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‹๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿšด๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿšด๐Ÿป" or TargetProcessCommandLine contains "๐Ÿšด๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿšต๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿšต๐Ÿป" or TargetProcessCommandLine contains "๐Ÿšต๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคธ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคธ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคธ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคฝ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคฝ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคฝ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคพ๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคพ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคพ๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคน๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคน๐Ÿป" or TargetProcessCommandLine contains "๐Ÿคน๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง˜๐Ÿปโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง˜๐Ÿป" or TargetProcessCommandLine contains "๐Ÿง˜๐Ÿปโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ›€๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ›Œ๐Ÿป" or TargetProcessCommandLine contains "๐Ÿ‘‹๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคš๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ–๐Ÿผ" or TargetProcessCommandLine contains "โœ‹๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ––๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘Œ๐Ÿผ" or TargetProcessCommandLine contains "๐ŸคŒ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿค๐Ÿผ" or TargetProcessCommandLine contains "โœŒ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคž๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซฐ๐Ÿผ" or TargetProcessCommandLine contains "๐ŸคŸ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿค˜๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿค™๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซต๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซฑ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซฒ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซณ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซด๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ˆ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘‰๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘†๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ–•๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘‡๐Ÿผ" or TargetProcessCommandLine contains "โ˜๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘Ž๐Ÿผ" or TargetProcessCommandLine contains "โœŠ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘Š๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿค›๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคœ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซถ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™Œ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคฒ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™๐Ÿผ" or TargetProcessCommandLine contains "โœ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ’ช๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿฆต๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿฆถ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘‚๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿฆป๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ƒ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ถ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ง๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง’๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฆ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿฆฑ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿฆฐ" or TargetProcessCommandLine contains "๐Ÿ‘ฑ๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฑ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฑ๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿฆณ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿฆฒ" or TargetProcessCommandLine contains "๐Ÿง”๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง”๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง”๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ต๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง“๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ด๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฒ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ณ๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ณ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ณ๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง•๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฎ๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฎ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฎ๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ท๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ท๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ท๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‚๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’‚๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ’‚๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ต๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ•ต๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ•ต๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€โš•๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐ŸŒพ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿณ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐ŸŽ“" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐ŸŽค" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿซ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿญ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿ’ป" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿ’ผ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿ”ง" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿ”ฌ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐ŸŽจ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿš’" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€โœˆ๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿš€" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€โš–๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฐ๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ฐ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฐ๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคต๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคต๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคต๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ธ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซ…๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคด๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿฅท๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿฆธ๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿฆธ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿฆธ๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿฆน๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿฆน๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿฆน๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคถ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐ŸŽ„" or TargetProcessCommandLine contains "๐ŸŽ…๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง™๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง™๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง™๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง›๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง›๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง›๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงœ๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿงœ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿงœ๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿงš๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿงš๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿงš๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ‘ผ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคฐ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซ„๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿซƒ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคฑ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘ฉ๐Ÿผโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง‘๐Ÿผโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ‘จ๐Ÿผโ€๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™‡๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‡๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™‡๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ’๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ’๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ’๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™…๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™…๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™…๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™†๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™†๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™†๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‹๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿ™‹๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿ™‹๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿง๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคฆ๐Ÿผโ€โ™€๏ธ" or TargetProcessCommandLine contains "๐Ÿคฆ๐Ÿผ" or TargetProcessCommandLine contains "๐Ÿคฆ๐Ÿผโ€โ™‚๏ธ" or TargetProcessCommandLine contains "๐Ÿคท๐Ÿผโ€โ™€๏ธ"

Required Data Sources

Sentinel TableNotes
imProcessCreateEnsure this data connector is enabled

False Positive Guidance

References

Original source: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_susp_emoji_usage_in_cli_1.yml