modiloader | 6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe
Size

35KB
MD5

ce9417db64112d36f1d37ae65e499be0
SHA1

05f2e7b62266060d9dbc8c3cb324faedb4b9c6de
SHA256

6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf
SHA512

0e2b9f308973eaacaf5e1e5bb53bea461e39fd993df802cb736af0680057ee8a276de8f31a06d8e017a5e0c0f922dd2fefd0aa09cddc1825e29ead98938c0120
SSDEEP

768:gTQ2WueGXbvqpBG2VVaa+FaaY0WOy5v7M73G/LyEllVTB:kQ2cwbKQYVx+8apYv7uoLhlVTB

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 64 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2320-1-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1352-16-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1352-15-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1352-20-0x00000000002C0000-0x00000000002E5000-memory.dmp	modiloader_stage2
behavioral1/memory/1092-24-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2600-27-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2320-29-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2600-30-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1352-39-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2584-38-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2584-36-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2584-35-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2668-55-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2712-65-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2584-64-0x0000000000430000-0x0000000000455000-memory.dmp	modiloader_stage2
behavioral1/memory/2612-71-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2668-74-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2544-82-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2404-84-0x0000000000230000-0x0000000000255000-memory.dmp	modiloader_stage2
behavioral1/memory/2356-89-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2420-97-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2404-103-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2404-106-0x0000000000230000-0x0000000000255000-memory.dmp	modiloader_stage2
behavioral1/memory/2416-109-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/552-112-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/572-119-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1980-134-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/808-133-0x0000000000230000-0x0000000000255000-memory.dmp	modiloader_stage2
behavioral1/memory/584-130-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1980-139-0x0000000000230000-0x0000000000255000-memory.dmp	modiloader_stage2
behavioral1/memory/2416-140-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2692-143-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2416-142-0x0000000000240000-0x0000000000265000-memory.dmp	modiloader_stage2
behavioral1/memory/2204-144-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2688-146-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2692-145-0x0000000000230000-0x0000000000255000-memory.dmp	modiloader_stage2
behavioral1/memory/808-149-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/916-152-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1848-150-0x0000000000260000-0x0000000000285000-memory.dmp	modiloader_stage2
behavioral1/memory/2688-148-0x0000000000430000-0x0000000000455000-memory.dmp	modiloader_stage2
behavioral1/memory/2184-155-0x0000000000240000-0x0000000000265000-memory.dmp	modiloader_stage2
behavioral1/memory/1964-158-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2204-160-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2204-162-0x00000000001D0000-0x00000000001F5000-memory.dmp	modiloader_stage2
behavioral1/memory/1848-165-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1648-163-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2184-167-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1848-168-0x0000000000260000-0x0000000000285000-memory.dmp	modiloader_stage2
behavioral1/memory/2184-170-0x0000000000240000-0x0000000000265000-memory.dmp	modiloader_stage2
behavioral1/memory/952-172-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2192-173-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1644-177-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1588-180-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/1992-181-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2260-184-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/856-186-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2744-188-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2160-190-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/684-192-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2920-194-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/3012-197-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/604-199-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2976-201-0x0000000000400000-0x0000000000425000-memory.dmp	modiloader_stage2
behavioral1/memory/2964-202-0x00000000001C0000-0x00000000001E5000-memory.dmp	modiloader_stage2

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

5612 cmd.exe

pid	process
5612	cmd.exe

Executes dropped EXE 64 IoCs

Processes:

Launcher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exe

pid	process
1352	Launcher.exe
1092	Launcher.exe
2600	Launcher.exe
2584	Launcher.exe
2712	Launcher.exe
2612	Launcher.exe
2668	Launcher.exe
2544	Launcher.exe
2356	Launcher.exe
2420	Launcher.exe
2404	Launcher.exe
552	Launcher.exe
572	Launcher.exe
584	Launcher.exe
1980	Launcher.exe
2416	Launcher.exe
2692	Launcher.exe
2688	Launcher.exe
808	Launcher.exe
916	Launcher.exe
1964	Launcher.exe
2204	Launcher.exe
1848	Launcher.exe
2184	Launcher.exe
952	Launcher.exe
2192	Launcher.exe
1648	Launcher.exe
1644	Launcher.exe
1588	Launcher.exe
1992	Launcher.exe
2260	Launcher.exe
856	Launcher.exe
2744	Launcher.exe
2160	Launcher.exe
684	Launcher.exe
2920	Launcher.exe
3012	Launcher.exe
604	Launcher.exe
2976	Launcher.exe
820	Launcher.exe
400	Launcher.exe
2980	Launcher.exe
2964	Launcher.exe
2024	Launcher.exe
1104	Launcher.exe
1576	Launcher.exe
988	Launcher.exe
2572	Launcher.exe
1888	Launcher.exe
1940	Launcher.exe
2828	Launcher.exe
1892	Launcher.exe
1332	Launcher.exe
2912	Launcher.exe
2760	Launcher.exe
2284	Launcher.exe
2092	Launcher.exe
2304	Launcher.exe
2892	Launcher.exe
2820	Launcher.exe
1732	Launcher.exe
2008	Launcher.exe
884	Launcher.exe
2300	Launcher.exe

Loads dropped DLL 64 IoCs

Processes:

ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exe

pid	process
2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe
2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe
1352	Launcher.exe
1352	Launcher.exe
1092	Launcher.exe
1092	Launcher.exe
2600	Launcher.exe
2600	Launcher.exe
2584	Launcher.exe
2584	Launcher.exe
2712	Launcher.exe
2712	Launcher.exe
2612	Launcher.exe
2612	Launcher.exe
2668	Launcher.exe
2668	Launcher.exe
2544	Launcher.exe
2544	Launcher.exe
2356	Launcher.exe
2356	Launcher.exe
2420	Launcher.exe
2420	Launcher.exe
2404	Launcher.exe
2404	Launcher.exe
552	Launcher.exe
552	Launcher.exe
572	Launcher.exe
572	Launcher.exe
584	Launcher.exe
584	Launcher.exe
1980	Launcher.exe
1980	Launcher.exe
2416	Launcher.exe
2416	Launcher.exe
2692	Launcher.exe
2692	Launcher.exe
2688	Launcher.exe
2688	Launcher.exe
808	Launcher.exe
808	Launcher.exe
916	Launcher.exe
916	Launcher.exe
1964	Launcher.exe
1964	Launcher.exe
2204	Launcher.exe
2204	Launcher.exe
1848	Launcher.exe
1848	Launcher.exe
2184	Launcher.exe
2184	Launcher.exe
952	Launcher.exe
952	Launcher.exe
2192	Launcher.exe
2192	Launcher.exe
1648	Launcher.exe
1648	Launcher.exe
1644	Launcher.exe
1644	Launcher.exe
1588	Launcher.exe
1588	Launcher.exe
1992	Launcher.exe
1992	Launcher.exe
2260	Launcher.exe
2260	Launcher.exe

Drops file in System32 directory 64 IoCs

Processes:

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File created	C:\Windows\SysWOW64\Launcher.exe	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe
File opened for modification	C:\Windows\SysWOW64\$$a.bat	Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exeLauncher.exe

description	pid	process	target process
PID 2320 wrote to memory of 1352	2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe	Launcher.exe
PID 2320 wrote to memory of 1352	2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe	Launcher.exe
PID 2320 wrote to memory of 1352	2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe	Launcher.exe
PID 2320 wrote to memory of 1352	2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe	Launcher.exe
PID 2320 wrote to memory of 1352	2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe	Launcher.exe
PID 2320 wrote to memory of 1352	2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe	Launcher.exe
PID 2320 wrote to memory of 1352	2320	ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe	Launcher.exe
PID 1352 wrote to memory of 1092	1352	Launcher.exe	Launcher.exe
PID 1352 wrote to memory of 1092	1352	Launcher.exe	Launcher.exe
PID 1352 wrote to memory of 1092	1352	Launcher.exe	Launcher.exe
PID 1352 wrote to memory of 1092	1352	Launcher.exe	Launcher.exe
PID 1352 wrote to memory of 1092	1352	Launcher.exe	Launcher.exe
PID 1352 wrote to memory of 1092	1352	Launcher.exe	Launcher.exe
PID 1352 wrote to memory of 1092	1352	Launcher.exe	Launcher.exe
PID 1092 wrote to memory of 2600	1092	Launcher.exe	Launcher.exe
PID 1092 wrote to memory of 2600	1092	Launcher.exe	Launcher.exe
PID 1092 wrote to memory of 2600	1092	Launcher.exe	Launcher.exe
PID 1092 wrote to memory of 2600	1092	Launcher.exe	Launcher.exe
PID 1092 wrote to memory of 2600	1092	Launcher.exe	Launcher.exe
PID 1092 wrote to memory of 2600	1092	Launcher.exe	Launcher.exe
PID 1092 wrote to memory of 2600	1092	Launcher.exe	Launcher.exe
PID 2600 wrote to memory of 2584	2600	Launcher.exe	Launcher.exe
PID 2600 wrote to memory of 2584	2600	Launcher.exe	Launcher.exe
PID 2600 wrote to memory of 2584	2600	Launcher.exe	Launcher.exe
PID 2600 wrote to memory of 2584	2600	Launcher.exe	Launcher.exe
PID 2600 wrote to memory of 2584	2600	Launcher.exe	Launcher.exe
PID 2600 wrote to memory of 2584	2600	Launcher.exe	Launcher.exe
PID 2600 wrote to memory of 2584	2600	Launcher.exe	Launcher.exe
PID 2584 wrote to memory of 2712	2584	Launcher.exe	Launcher.exe
PID 2584 wrote to memory of 2712	2584	Launcher.exe	Launcher.exe
PID 2584 wrote to memory of 2712	2584	Launcher.exe	Launcher.exe
PID 2584 wrote to memory of 2712	2584	Launcher.exe	Launcher.exe
PID 2584 wrote to memory of 2712	2584	Launcher.exe	Launcher.exe
PID 2584 wrote to memory of 2712	2584	Launcher.exe	Launcher.exe
PID 2584 wrote to memory of 2712	2584	Launcher.exe	Launcher.exe
PID 2712 wrote to memory of 2612	2712	Launcher.exe	Launcher.exe
PID 2712 wrote to memory of 2612	2712	Launcher.exe	Launcher.exe
PID 2712 wrote to memory of 2612	2712	Launcher.exe	Launcher.exe
PID 2712 wrote to memory of 2612	2712	Launcher.exe	Launcher.exe
PID 2712 wrote to memory of 2612	2712	Launcher.exe	Launcher.exe
PID 2712 wrote to memory of 2612	2712	Launcher.exe	Launcher.exe
PID 2712 wrote to memory of 2612	2712	Launcher.exe	Launcher.exe
PID 2612 wrote to memory of 2668	2612	Launcher.exe	Launcher.exe
PID 2612 wrote to memory of 2668	2612	Launcher.exe	Launcher.exe
PID 2612 wrote to memory of 2668	2612	Launcher.exe	Launcher.exe
PID 2612 wrote to memory of 2668	2612	Launcher.exe	Launcher.exe
PID 2612 wrote to memory of 2668	2612	Launcher.exe	Launcher.exe
PID 2612 wrote to memory of 2668	2612	Launcher.exe	Launcher.exe
PID 2612 wrote to memory of 2668	2612	Launcher.exe	Launcher.exe
PID 2668 wrote to memory of 2544	2668	Launcher.exe	Launcher.exe
PID 2668 wrote to memory of 2544	2668	Launcher.exe	Launcher.exe
PID 2668 wrote to memory of 2544	2668	Launcher.exe	Launcher.exe
PID 2668 wrote to memory of 2544	2668	Launcher.exe	Launcher.exe
PID 2668 wrote to memory of 2544	2668	Launcher.exe	Launcher.exe
PID 2668 wrote to memory of 2544	2668	Launcher.exe	Launcher.exe
PID 2668 wrote to memory of 2544	2668	Launcher.exe	Launcher.exe
PID 2544 wrote to memory of 2356	2544	Launcher.exe	Launcher.exe
PID 2544 wrote to memory of 2356	2544	Launcher.exe	Launcher.exe
PID 2544 wrote to memory of 2356	2544	Launcher.exe	Launcher.exe
PID 2544 wrote to memory of 2356	2544	Launcher.exe	Launcher.exe
PID 2544 wrote to memory of 2356	2544	Launcher.exe	Launcher.exe
PID 2544 wrote to memory of 2356	2544	Launcher.exe	Launcher.exe
PID 2544 wrote to memory of 2356	2544	Launcher.exe	Launcher.exe
PID 2356 wrote to memory of 2420	2356	Launcher.exe	Launcher.exe

C:\Users\Admin\AppData\Local\Temp\ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2320

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1352

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2600

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2584

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2712

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2612

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2668

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2544

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2356

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
11⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2420

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
12⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2404

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
13⤵
- Executes dropped EXE
- Loads dropped DLL
PID:552

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
14⤵
- Executes dropped EXE
- Loads dropped DLL
PID:572

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
15⤵
- Executes dropped EXE
- Loads dropped DLL
PID:584

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
16⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1980

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
17⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2416

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
18⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2692

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
19⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2688

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
20⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:808

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
21⤵
- Executes dropped EXE
- Loads dropped DLL
PID:916

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
22⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1964

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
23⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2204

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
24⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1848

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
25⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2184

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
26⤵
- Executes dropped EXE
- Loads dropped DLL
PID:952

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
27⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2192

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
28⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1648

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
29⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1644

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
30⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1588

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
31⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1992

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
32⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2260

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
33⤵
- Executes dropped EXE
PID:856

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
34⤵
- Executes dropped EXE
PID:2744

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
35⤵
- Executes dropped EXE
PID:2160

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
36⤵
- Executes dropped EXE
PID:684

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
37⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2920

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
38⤵
- Executes dropped EXE
PID:3012

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
39⤵
- Executes dropped EXE
PID:604

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
40⤵
- Executes dropped EXE
PID:2976

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
41⤵
- Executes dropped EXE
PID:820

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
42⤵
- Executes dropped EXE
PID:400

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
43⤵
- Executes dropped EXE
PID:2980

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
44⤵
- Executes dropped EXE
PID:2964

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
45⤵
- Executes dropped EXE
PID:2024

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
46⤵
- Executes dropped EXE
PID:1104

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
47⤵
- Executes dropped EXE
PID:1576

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
48⤵
- Executes dropped EXE
PID:988

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
49⤵
- Executes dropped EXE
PID:2572

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
50⤵
- Executes dropped EXE
PID:1888

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
51⤵
- Executes dropped EXE
PID:1940

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
52⤵
- Executes dropped EXE
PID:2828

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
53⤵
- Executes dropped EXE
PID:1892

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
54⤵
- Executes dropped EXE
PID:1332

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
55⤵
- Executes dropped EXE
PID:2912

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
56⤵
- Executes dropped EXE
PID:2760

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
57⤵
- Executes dropped EXE
PID:2284

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
58⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2092

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
59⤵
- Executes dropped EXE
PID:2304

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
60⤵
- Executes dropped EXE
PID:2892

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
61⤵
- Executes dropped EXE
PID:2820

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
62⤵
- Executes dropped EXE
PID:1732

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
63⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2008

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
64⤵
- Executes dropped EXE
PID:884

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
65⤵
- Executes dropped EXE
PID:2300

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
66⤵
PID:2188

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
67⤵
PID:2136

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
68⤵
PID:1620

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
69⤵
PID:1708

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
70⤵
PID:2632

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
71⤵
PID:3036

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
72⤵
PID:2884

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
73⤵
PID:2500

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
74⤵
PID:2592

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
75⤵
PID:2512

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
76⤵
PID:2364

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
77⤵
PID:2516

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
78⤵
PID:2560

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
79⤵
PID:2652

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
80⤵
PID:2636

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
81⤵
PID:2412

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
82⤵
- Drops file in System32 directory
PID:2468

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
83⤵
PID:2004

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
84⤵
PID:2388

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
85⤵
PID:2400

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
86⤵
PID:2816

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
87⤵
PID:2804

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
88⤵
PID:1052

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
89⤵
PID:1048

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
90⤵
- Drops file in System32 directory
PID:1496

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
91⤵
PID:1168

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
92⤵
PID:1060

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
93⤵
- Drops file in System32 directory
PID:372

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
94⤵
PID:2576

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
95⤵
PID:2680

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
96⤵
PID:2664

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
97⤵
PID:1880

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
98⤵
PID:1456

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
99⤵
PID:1040

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
100⤵
- Drops file in System32 directory
PID:2020

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
101⤵
PID:2312

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
102⤵
PID:1484

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
103⤵
PID:2228

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
104⤵
PID:1768

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
105⤵
PID:1728

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
106⤵
PID:1704

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
107⤵
PID:1608

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
108⤵
PID:2196

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
109⤵
PID:1988

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
110⤵
PID:468

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
111⤵
PID:1324

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
112⤵
PID:1304

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
113⤵
PID:2144

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
114⤵
PID:3052

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
115⤵
PID:2028

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
116⤵
- Drops file in System32 directory
PID:1856

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
117⤵
PID:1404

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
118⤵
PID:1852

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
119⤵
PID:2836

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
120⤵
- Drops file in System32 directory
PID:908

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
121⤵
PID:1328

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
122⤵
PID:1688

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
123⤵
- Drops file in System32 directory
PID:2296

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
124⤵
PID:2220

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
125⤵
PID:2068

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
126⤵
PID:2332

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
127⤵
PID:108

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
128⤵
PID:1524

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
129⤵
- Drops file in System32 directory
PID:2324

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
130⤵
PID:3024

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
131⤵
PID:2088

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
132⤵
PID:2112

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
133⤵
PID:2860

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
134⤵
- Drops file in System32 directory
PID:2504

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
135⤵
PID:2728

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
136⤵
PID:2472

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
137⤵
PID:2552

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
138⤵
PID:3028

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
139⤵
PID:2372

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
140⤵
PID:1760

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
141⤵
- Drops file in System32 directory
PID:2268

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
142⤵
PID:1512

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
143⤵
PID:1532

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
144⤵
PID:2328

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
145⤵
PID:2648

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
146⤵
PID:2772

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
147⤵
PID:2224

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
148⤵
PID:1972

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
149⤵
PID:1044

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
150⤵
PID:3040

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
151⤵
PID:936

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
152⤵
PID:816

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
153⤵
PID:324

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
154⤵
PID:528

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
155⤵
PID:2080

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
156⤵
PID:2156

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
157⤵
PID:1392

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
158⤵
PID:1564

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
159⤵
- Drops file in System32 directory
PID:1072

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
160⤵
PID:2756

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
161⤵
PID:1272

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
162⤵
PID:2316

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
163⤵
PID:1700

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
164⤵
PID:1212

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
165⤵
PID:2212

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
166⤵
PID:2488

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
167⤵
- Drops file in System32 directory
PID:2660

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
168⤵
PID:2952

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
169⤵
- Drops file in System32 directory
PID:2496

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
170⤵
PID:648

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
171⤵
PID:2672

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
172⤵
PID:3032

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
173⤵
PID:1812

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
174⤵
PID:1960

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
175⤵
PID:2172

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
176⤵
PID:1556

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
177⤵
PID:2540

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
178⤵
PID:1208

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
179⤵
PID:600

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
180⤵
- Drops file in System32 directory
PID:1840

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
181⤵
- Drops file in System32 directory
PID:984

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
182⤵
PID:1844

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
183⤵
PID:2764

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
184⤵
PID:1080

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
185⤵
PID:2732

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
186⤵
PID:2808

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
187⤵
PID:2596

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
188⤵
PID:2624

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
189⤵
PID:2368

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
190⤵
PID:2432

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
191⤵
PID:1032

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
192⤵
PID:2568

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
193⤵
PID:1984

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
194⤵
- Drops file in System32 directory
PID:1616

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
195⤵
PID:2248

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
196⤵
PID:3060

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
197⤵
PID:2832

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
198⤵
- Drops file in System32 directory
PID:1936

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
199⤵
PID:2616

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
200⤵
PID:1480

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
201⤵
- Drops file in System32 directory
PID:848

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
202⤵
PID:956

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
203⤵
PID:1248

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
204⤵
PID:3076

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
205⤵
PID:3088

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
206⤵
PID:3108

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
207⤵
PID:3120

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
208⤵
PID:3132

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
209⤵
PID:3144

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
210⤵
PID:3156

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
211⤵
PID:3168

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
212⤵
PID:3180

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
213⤵
- Drops file in System32 directory
PID:3192

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
214⤵
PID:3204

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
215⤵
PID:3216

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
216⤵
PID:3228

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
217⤵
PID:3240

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
218⤵
PID:3252

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
219⤵
PID:3268

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
220⤵
- Drops file in System32 directory
PID:3280

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
221⤵
PID:3292

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
222⤵
PID:3304

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
223⤵
PID:3316

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
224⤵
PID:3328

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
225⤵
PID:3340

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
226⤵
PID:3352

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
227⤵
PID:3364

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
228⤵
- Drops file in System32 directory
PID:3376

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
229⤵
- Drops file in System32 directory
PID:3388

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
230⤵
PID:3400

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
231⤵
PID:3412

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
232⤵
PID:3424

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
233⤵
PID:3436

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
234⤵
PID:3448

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
235⤵
PID:3460

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
236⤵
PID:3472

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
237⤵
PID:3484

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
238⤵
PID:3496

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
239⤵
PID:3508

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
240⤵
PID:3524

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
241⤵
PID:3536

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
242⤵
PID:3548

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
243⤵
PID:3560

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
244⤵
PID:3572

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
245⤵
- Drops file in System32 directory
PID:3584

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
246⤵
PID:3596

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
247⤵
PID:3608

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
248⤵
- Drops file in System32 directory
PID:3620

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
249⤵
PID:3632

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
250⤵
PID:3644

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
251⤵
PID:3656

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
252⤵
PID:3668

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
253⤵
PID:3680

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
254⤵
PID:3692

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
255⤵
PID:3704

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
256⤵
PID:3716

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
257⤵
PID:3728

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
258⤵
PID:3740

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
259⤵
PID:3752

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
260⤵
- Drops file in System32 directory
PID:3768

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
261⤵
PID:3780

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
262⤵
PID:3792

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
263⤵
- Drops file in System32 directory
PID:3804

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
264⤵
PID:3816

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
265⤵
- Drops file in System32 directory
PID:3828

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
266⤵
PID:3840

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
267⤵
PID:3852

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
268⤵
PID:3864

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
269⤵
PID:3876

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
270⤵
PID:3888

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
271⤵
- Drops file in System32 directory
PID:3900

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
272⤵
PID:3912

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
273⤵
PID:3924

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
274⤵
PID:3936

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
275⤵
PID:3948

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
276⤵
PID:3960

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
277⤵
PID:3972

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
278⤵
PID:3984

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
279⤵
PID:3996

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
280⤵
PID:4008

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
281⤵
PID:4020

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
282⤵
- Drops file in System32 directory
PID:4036

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
283⤵
PID:4048

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
284⤵
PID:4060

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
285⤵
PID:4072

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
286⤵
PID:4084

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
287⤵
PID:940

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
288⤵
PID:3104

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
289⤵
- Drops file in System32 directory
PID:3140

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
290⤵
PID:1012

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
291⤵
PID:2856

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
292⤵
PID:3224

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
293⤵
PID:3264

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
294⤵
- Drops file in System32 directory
PID:3300

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
295⤵
PID:3336

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
296⤵
PID:3372

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
297⤵
PID:3408

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
298⤵
PID:3444

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
299⤵
PID:3468

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
300⤵
PID:3504

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
301⤵
PID:3544

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
302⤵
PID:3580

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
303⤵
PID:3616

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
304⤵
PID:3652

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
305⤵
PID:3688

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
306⤵
PID:3712

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
307⤵
- Drops file in System32 directory
PID:3764

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
308⤵
PID:3800

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
309⤵
PID:3836

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
310⤵
PID:3872

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
311⤵
PID:3908

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
312⤵
PID:3944

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
313⤵
PID:3760

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
314⤵
PID:4004

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
315⤵
PID:4044

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
316⤵
PID:4080

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
317⤵
PID:3100

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
318⤵
PID:3188

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
319⤵
PID:3288

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
320⤵
PID:3396

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
321⤵
PID:1596

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
322⤵
PID:4028

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
323⤵
PID:3640

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
324⤵
PID:3748

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
325⤵
PID:3860

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
326⤵
- Drops file in System32 directory
PID:3992

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
327⤵
- Drops file in System32 directory
PID:3096

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
328⤵
PID:3360

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
329⤵
PID:3532

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
330⤵
PID:3824

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
331⤵
PID:3248

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
332⤵
PID:4068

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
333⤵
PID:4108

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
334⤵
PID:4120

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
335⤵
PID:4132

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
336⤵
PID:4144

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
337⤵
PID:4156

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
338⤵
PID:4180

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
339⤵
PID:4216

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
340⤵
PID:4268

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
341⤵
PID:4280

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
342⤵
PID:4292

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
343⤵
PID:4304

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
344⤵
PID:4316

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
345⤵
PID:4332

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
346⤵
PID:4344

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
347⤵
- Drops file in System32 directory
PID:4360

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
348⤵
PID:4372

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
349⤵
PID:4384

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
350⤵
PID:4396

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
351⤵
PID:4408

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
352⤵
PID:4420

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
353⤵
PID:4432

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
354⤵
PID:4444

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
355⤵
PID:4456

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
356⤵
PID:4468

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
357⤵
PID:4480

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
358⤵
PID:4492

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
359⤵
PID:4504

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
360⤵
PID:4516

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
361⤵
PID:4528

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
362⤵
PID:4540

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
363⤵
PID:4552

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
364⤵
PID:4564

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
365⤵
- Drops file in System32 directory
PID:4576

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
366⤵
PID:4592

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
367⤵
PID:4604

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
368⤵
PID:4616

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
369⤵
PID:4632

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
370⤵
- Drops file in System32 directory
PID:4644

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
371⤵
PID:4656

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
372⤵
PID:4668

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
373⤵
PID:4680

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
374⤵
PID:4692

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
375⤵
PID:4704

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
376⤵
PID:4716

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
377⤵
PID:4728

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
378⤵
PID:4740

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
379⤵
PID:4752

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
380⤵
- Drops file in System32 directory
PID:4764

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
381⤵
PID:4776

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
382⤵
PID:4788

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
383⤵
PID:4800

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
384⤵
PID:4812

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
385⤵
- Drops file in System32 directory
PID:4824

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
386⤵
PID:4836

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
387⤵
PID:4848

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
388⤵
PID:4864

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
389⤵
PID:4876

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
390⤵
PID:4888

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
391⤵
PID:4900

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
392⤵
- Drops file in System32 directory
PID:4912

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
393⤵
PID:4924

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
394⤵
- Drops file in System32 directory
PID:4936

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
395⤵
- Drops file in System32 directory
PID:4948

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
396⤵
PID:4960

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
397⤵
PID:4972

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
398⤵
PID:4984

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
399⤵
PID:4996

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
400⤵
PID:5008

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
401⤵
PID:5020

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
402⤵
PID:5032

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
403⤵
PID:5044

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
404⤵
PID:5056

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
405⤵
PID:5068

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
406⤵
PID:5080

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
407⤵
PID:5092

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
408⤵
- Drops file in System32 directory
PID:5108

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
409⤵
PID:3700

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
410⤵
PID:4128

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
411⤵
- Drops file in System32 directory
PID:4176

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
412⤵
PID:4276

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
413⤵
PID:4300

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
414⤵
PID:4340

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
415⤵
PID:4380

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
416⤵
PID:4416

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
417⤵
PID:4452

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
418⤵
PID:4488

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
419⤵
PID:4524

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
420⤵
PID:4548

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
421⤵
PID:4588

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
422⤵
PID:4612

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
423⤵
PID:4652

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
424⤵
PID:4688

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
425⤵
PID:4724

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
426⤵
PID:4772

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
427⤵
PID:4796

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
428⤵
PID:4832

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
429⤵
PID:4872

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
430⤵
PID:4908

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
431⤵
PID:4944

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
432⤵
PID:4980

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
433⤵
PID:5016

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
434⤵
PID:5040

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
435⤵
PID:5076

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
436⤵
PID:5116

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
437⤵
PID:4264

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
438⤵
PID:4368

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
439⤵
PID:4476

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
440⤵
PID:5100

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
441⤵
PID:4640

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
442⤵
- Drops file in System32 directory
PID:4760

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
443⤵
PID:4896

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
444⤵
PID:5004

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
445⤵
PID:5104

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
446⤵
- Drops file in System32 directory
PID:4536

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
447⤵
PID:4712

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
448⤵
PID:4968

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
449⤵
PID:4624

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
450⤵
PID:5124

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
451⤵
PID:5136

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
452⤵
PID:5148

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
453⤵
PID:5160

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
454⤵
- Drops file in System32 directory
PID:5172

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
455⤵
PID:5184

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
456⤵
PID:5196

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
457⤵
PID:5208

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
458⤵
PID:5220

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
459⤵
PID:5232

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
460⤵
PID:5244

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
461⤵
PID:5256

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
462⤵
PID:5268

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
463⤵
- Drops file in System32 directory
PID:5280

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
464⤵
PID:5292

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
465⤵
PID:5304

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
466⤵
PID:5316

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
467⤵
PID:5332

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
468⤵
PID:5344

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
469⤵
PID:5356

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
470⤵
PID:5368

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
471⤵
PID:5380

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
472⤵
PID:5392

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
473⤵
PID:5404

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
474⤵
PID:5416

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
475⤵
PID:5428

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
476⤵
PID:5440

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
477⤵
PID:5452

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
478⤵
PID:5464

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
479⤵
PID:5476

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
480⤵
PID:5488

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
481⤵
PID:5500

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
482⤵
PID:5512

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
483⤵
PID:5524

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
484⤵
PID:5536

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
485⤵
PID:5548

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
486⤵
PID:5564

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
487⤵
- Drops file in System32 directory
PID:5576

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
488⤵
PID:5644

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
489⤵
PID:5656

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
490⤵
PID:5668

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
491⤵
PID:5728

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
492⤵
PID:5748

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
493⤵
PID:5760

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
494⤵
PID:5864

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
495⤵
PID:5896

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
496⤵
PID:5908

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
497⤵
PID:5936

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
498⤵
PID:6016

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
499⤵
PID:6052

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
500⤵
PID:6096

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
501⤵
PID:6124

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
502⤵
PID:4328

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
503⤵
PID:1952

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
504⤵
PID:5680

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
505⤵
PID:5720

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
506⤵
PID:5756

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
507⤵
PID:5780

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
508⤵
PID:5856

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
509⤵
PID:5832

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
510⤵
PID:5920

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
511⤵
PID:5972

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
512⤵
PID:2612

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
513⤵
PID:6112

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
514⤵
PID:5240

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
515⤵
PID:5312

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
516⤵
PID:6136

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
517⤵
PID:4440

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
518⤵
- Drops file in System32 directory
PID:5340

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
519⤵
PID:5436

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
520⤵
PID:5460

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
521⤵
PID:3020

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
522⤵
PID:5572

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
523⤵
PID:5628

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
524⤵
PID:5608

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
525⤵
- Drops file in System32 directory
PID:5744

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
526⤵
PID:5876

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
527⤵
PID:6012

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
528⤵
PID:5988

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
529⤵
- Drops file in System32 directory
PID:5192

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
530⤵
PID:6068

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
531⤵
PID:5288

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
532⤵
PID:1652

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
533⤵
PID:5844

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
534⤵
PID:4324

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
535⤵
PID:5352

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
536⤵
PID:5612

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
537⤵
PID:3016

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
538⤵
- Drops file in System32 directory
PID:2920

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
539⤵
PID:1096

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
540⤵
PID:604

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
541⤵
- Drops file in System32 directory
PID:5324

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
542⤵
PID:2452

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
543⤵
PID:2940

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
544⤵
PID:8788

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
545⤵
PID:11188

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
546⤵
PID:10588

C:\Windows\SysWOW64\Launcher.exe
C:\Windows\system32\Launcher.exe
547⤵
PID:11096

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
546⤵
PID:10448

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
545⤵
PID:11024

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
544⤵
PID:10360

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
543⤵
PID:10520

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
542⤵
PID:10408

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
540⤵
PID:10372

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
539⤵
PID:10336

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
538⤵
PID:10312

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
537⤵
PID:10272

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
536⤵
PID:4548

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
535⤵
PID:5508

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
534⤵
PID:6136

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
533⤵
PID:5472

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
532⤵
PID:5360

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
531⤵
PID:5528

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
530⤵
PID:6076

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
528⤵
PID:5920

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
525⤵
PID:4860

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
524⤵
PID:5756

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
523⤵
PID:5372

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
521⤵
PID:9376

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
520⤵
PID:9788

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
519⤵
PID:5680

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
518⤵
PID:9868

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
517⤵
PID:5672

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
515⤵
PID:10208

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
514⤵
PID:10168

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
513⤵
PID:10064

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
511⤵
PID:9704

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
509⤵
PID:9764

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
508⤵
PID:4560

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
507⤵
PID:4416

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
505⤵
PID:4832

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
503⤵
PID:10080

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
502⤵
PID:5336

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
501⤵
PID:5284

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
499⤵
PID:5100

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
498⤵
PID:4452

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
497⤵
PID:5420

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
496⤵
PID:9728

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
495⤵
PID:5164

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
494⤵
PID:10020

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
492⤵
PID:9876

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
491⤵
PID:9816

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
489⤵
PID:4896

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
488⤵
PID:9644

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
487⤵
PID:9368

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
486⤵
PID:5232

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
485⤵
PID:9456

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
484⤵
PID:9448

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
483⤵
PID:9684

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
482⤵
PID:5188

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
480⤵
PID:10148

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
478⤵
PID:9552

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
475⤵
PID:4980

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
474⤵
PID:9884

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
473⤵
PID:4808

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
471⤵
PID:4856

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
470⤵
PID:9328

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
468⤵
PID:9832

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
467⤵
PID:9464

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
466⤵
PID:9320

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
464⤵
PID:9260

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
463⤵
PID:10216

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
462⤵
PID:10172

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
461⤵
PID:10116

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
459⤵
PID:9988

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
458⤵
PID:9948

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
457⤵
PID:9900

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
456⤵
PID:9432

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
455⤵
PID:9752

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
454⤵
PID:9776

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
452⤵
PID:9636

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
450⤵
PID:9580

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
449⤵
PID:4380

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
448⤵
PID:9496

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
447⤵
PID:8640

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
446⤵
PID:4912

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
445⤵
PID:9248

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
444⤵
PID:10232

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
443⤵
PID:10188

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
442⤵
PID:10140

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
441⤵
PID:10100

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
440⤵
PID:10068

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
438⤵
PID:10044

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
437⤵
PID:9996

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
436⤵
PID:9956

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
434⤵
PID:9888

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
433⤵
PID:9804

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
432⤵
PID:9768

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
431⤵
PID:9716

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
429⤵
PID:9664

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
428⤵
PID:9652

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
426⤵
PID:9596

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
425⤵
PID:9536

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
423⤵
PID:9504

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
421⤵
PID:9436

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
419⤵
PID:9396

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
418⤵
PID:9332

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
417⤵
PID:9268

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
416⤵
PID:9304

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
415⤵
PID:9232

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
414⤵
PID:4888

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
412⤵
PID:4180

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
411⤵
PID:5020

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
409⤵
PID:3360

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
408⤵
PID:4984

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
407⤵
PID:4812

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
406⤵
PID:5008

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
404⤵
PID:8848

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
403⤵
PID:9208

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
402⤵
PID:4936

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
401⤵
PID:4864

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
400⤵
PID:4900

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
399⤵
PID:4448

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
397⤵
PID:4876

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
396⤵
PID:7020

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
395⤵
PID:4836

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
394⤵
PID:4336

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
393⤵
PID:3604

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
392⤵
PID:4284

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
391⤵
PID:8676

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
390⤵
PID:4360

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
389⤵
PID:9108

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
388⤵
PID:4424

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
387⤵
PID:4540

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
386⤵
PID:3432

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
385⤵
PID:4520

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
384⤵
PID:4480

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
383⤵
PID:4484

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
382⤵
PID:3848

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
381⤵
PID:3688

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
380⤵
PID:2856

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
364⤵
PID:8772

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
363⤵
PID:8268

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
362⤵
PID:9152

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
361⤵
PID:8388

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
359⤵
PID:4304

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
358⤵
PID:9144

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
357⤵
PID:4268

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
356⤵
PID:9032

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
355⤵
PID:8776

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
354⤵
PID:8856

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
353⤵
PID:8624

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
351⤵
PID:4144

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
350⤵
PID:4044

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
349⤵
PID:7692

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
348⤵
PID:4040

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
346⤵
PID:9164

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
344⤵
PID:9112

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
343⤵
PID:8992

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
342⤵
PID:3712

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
341⤵
PID:3580

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
340⤵
PID:3396

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
339⤵
PID:8692

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
338⤵
PID:8416

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
337⤵
PID:8440

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
336⤵
PID:8356

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
335⤵
PID:3980

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
334⤵
PID:8248

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
333⤵
PID:3944

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
332⤵
PID:9136

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
331⤵
PID:9088

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
330⤵
PID:9004

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
329⤵
PID:8948

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
326⤵
PID:8840

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
325⤵
PID:3664

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
324⤵
PID:8696

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
323⤵
PID:8644

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
322⤵
PID:8628

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
321⤵
PID:3384

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
319⤵
PID:8548

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
318⤵
PID:8432

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
317⤵
PID:8360

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
316⤵
PID:8308

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
315⤵
PID:8204

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
314⤵
PID:3412

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
313⤵
PID:9120

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
312⤵
PID:9172

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
311⤵
PID:9036

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
310⤵
PID:9064

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
309⤵
PID:8924

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
308⤵
PID:8972

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
307⤵
PID:8868

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
306⤵
PID:8792

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
305⤵
PID:8744

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
304⤵
PID:8700

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
303⤵
PID:8600

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
302⤵
PID:8556

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
299⤵
PID:8444

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
298⤵
PID:8512

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
297⤵
PID:8328

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
296⤵
PID:8376

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
295⤵
PID:8272

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
294⤵
PID:8228

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
293⤵
PID:3940

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
292⤵
PID:3900

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
289⤵
PID:3620

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
287⤵
PID:7332

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
286⤵
PID:3852

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
284⤵
PID:4008

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
283⤵
PID:3804

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
282⤵
PID:3528

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
281⤵
PID:3772

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
280⤵
PID:3844

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
279⤵
PID:3840

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
277⤵
PID:8052

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
276⤵
PID:3572

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
275⤵
PID:3608

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
272⤵
PID:7708

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
271⤵
PID:3816

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
270⤵
PID:3204

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
269⤵
PID:3344

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
268⤵
PID:7960

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
267⤵
PID:7716

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
266⤵
PID:7364

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
265⤵
PID:2732

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
264⤵
PID:8088

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
263⤵
PID:3380

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
262⤵
PID:3636

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
261⤵
PID:3304

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
260⤵
PID:1936

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
259⤵
PID:7336

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
258⤵
PID:7276

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
256⤵
PID:3560

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
255⤵
PID:8032

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
254⤵
PID:7968

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
251⤵
PID:7732

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
250⤵
PID:3500

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
249⤵
PID:3476

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
248⤵
PID:3448

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
247⤵
PID:7252

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
246⤵
PID:3404

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
245⤵
PID:8168

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
244⤵
PID:8108

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
243⤵
PID:7928

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
242⤵
PID:7888

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
241⤵
PID:3080

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
240⤵
PID:3028

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
239⤵
PID:7640

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
238⤵
PID:7612

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
237⤵
PID:3244

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
236⤵
PID:7448

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
235⤵
PID:7348

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
233⤵
PID:276

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
232⤵
PID:8176

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
231⤵
PID:8060

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
230⤵
PID:8124

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
229⤵
PID:7884

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
228⤵
PID:3124

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
227⤵
PID:7776

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
226⤵
PID:7764

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
223⤵
PID:7620

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
222⤵
PID:7560

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
221⤵
PID:7468

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
220⤵
PID:7404

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
219⤵
PID:7316

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
218⤵
PID:7260

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
217⤵
PID:3032

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
216⤵
PID:7196

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
215⤵
PID:8136

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
214⤵
PID:8100

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
212⤵
PID:8064

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
211⤵
PID:7940

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
210⤵
PID:7980

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
209⤵
PID:7892

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
208⤵
PID:7836

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
207⤵
PID:7788

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
206⤵
PID:7720

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
205⤵
PID:7700

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
203⤵
PID:7652

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
202⤵
PID:7632

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
201⤵
PID:7600

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
199⤵
PID:7520

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
198⤵
PID:7480

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
197⤵
PID:7432

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
195⤵
PID:7368

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
193⤵
PID:7288

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
192⤵
PID:7320

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
191⤵
PID:7212

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
190⤵
PID:1840

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
189⤵
PID:1060

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
188⤵
PID:2224

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
186⤵
PID:2576

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
185⤵
PID:2016

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
183⤵
PID:1556

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
182⤵
PID:7064

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
181⤵
PID:788

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
180⤵
PID:1704

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
179⤵
PID:908

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
178⤵
PID:2664

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
177⤵
PID:6216

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
175⤵
PID:1172

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
174⤵
PID:2492

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
173⤵
PID:2756

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
172⤵
PID:816

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
171⤵
PID:3052

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
170⤵
PID:2468

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
168⤵
PID:7112

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
167⤵
PID:1988

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
165⤵
PID:1972

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
164⤵
PID:2036

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
163⤵
PID:6196

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
162⤵
PID:2328

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
161⤵
PID:2724

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
159⤵
PID:2332

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
158⤵
PID:6616

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
157⤵
PID:6276

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
156⤵
PID:944

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
155⤵
PID:2860

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
154⤵
PID:1532

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
153⤵
PID:2800

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
152⤵
PID:6972

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
151⤵
PID:6552

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
150⤵
PID:6548

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
149⤵
PID:1688

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
148⤵
PID:6164

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
147⤵
PID:1040

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
146⤵
PID:2620

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
145⤵
PID:6932

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
144⤵
PID:6888

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
143⤵
PID:108

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
142⤵
PID:2004

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
141⤵
PID:6388

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
140⤵
PID:2296

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
139⤵
PID:568

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
138⤵
PID:2784

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
137⤵
PID:6176

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
135⤵
PID:2608

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
134⤵
PID:7152

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
133⤵
PID:6980

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
132⤵
PID:6908

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
131⤵
PID:6732

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
129⤵
PID:6640

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
128⤵
PID:6668

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
127⤵
PID:6556

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
126⤵
PID:1724

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
125⤵
PID:1728

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
124⤵
PID:576

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
123⤵
PID:2716

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
122⤵
PID:6300

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
121⤵
PID:2020

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
120⤵
PID:1076

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
118⤵
PID:7068

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
117⤵
PID:7016

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
115⤵
PID:6872

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
114⤵
PID:6780

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
113⤵
PID:6676

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
111⤵
PID:1500

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
110⤵
PID:6544

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
108⤵
PID:6404

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
107⤵
PID:6284

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
106⤵
PID:6272

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
105⤵
PID:2560

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
104⤵
PID:2424

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
101⤵
PID:7080

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
100⤵
PID:7032

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
99⤵
PID:6988

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
98⤵
PID:6948

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
97⤵
PID:6892

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
96⤵
PID:6832

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
95⤵
PID:6784

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
94⤵
PID:6764

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
93⤵
PID:6660

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
92⤵
PID:6712

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
90⤵
PID:6532

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
89⤵
PID:6504

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
88⤵
PID:6468

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
87⤵
PID:6408

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
85⤵
PID:6312

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
84⤵
PID:6352

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
83⤵
PID:6200

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
82⤵
PID:6244

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
81⤵
PID:2132

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
79⤵
PID:4204

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
78⤵
PID:5976

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
77⤵
PID:2280

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
76⤵
PID:5328

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
75⤵
PID:2944

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
74⤵
PID:2416

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
73⤵
PID:6044

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
71⤵
PID:5596

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
70⤵
PID:2104

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
69⤵
PID:1732

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
68⤵
PID:5824

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
67⤵
PID:3048

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
66⤵
PID:5376

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
65⤵
PID:5156

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
64⤵
PID:5532

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
63⤵
PID:6000

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
62⤵
PID:5700

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
61⤵
PID:5996

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
59⤵
PID:5520

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
49⤵
PID:5228

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
45⤵
PID:684

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
42⤵
PID:856

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
40⤵
PID:5888

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
39⤵
PID:2416

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
38⤵
PID:2060

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
37⤵
PID:6044

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
36⤵
PID:952

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
34⤵
PID:1848

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
33⤵
PID:5652

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
32⤵
PID:5276

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
31⤵
PID:5952

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
30⤵
PID:5904

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
29⤵
PID:552

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
19⤵
PID:6120

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
18⤵
PID:5980

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
17⤵
PID:5964

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
15⤵
PID:5632

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
14⤵
PID:1092

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
13⤵
PID:5484

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
12⤵
PID:5604

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
11⤵
PID:5288

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
10⤵
PID:5144

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
8⤵
PID:6068

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
7⤵
PID:6004

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
6⤵
PID:5956

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
5⤵
PID:5848

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
4⤵
PID:5796

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\SysWOW64\$$a.bat
3⤵
PID:5704

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a.bat
2⤵
- Deletes itself
PID:5612

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1968503261-1612068329-446739014-1865148812712225230-1842766381613787046-1208015200"
1⤵
PID:6120

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-390524963815923442531596581004048753-1935919826196174342613970000481363533936"
1⤵
PID:5952

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-53522156011275964681221723927-30926133-1025908075868466507-89197779727413780"
1⤵
PID:952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a.bat
Filesize
260B

MD5
0975fcfe4ddddd3d1eb2d81eee174a2e

SHA1
513fac57b98fc3cfbb519398d5087fef98238e6f

SHA256
b110a45661f7e9a559d0bbf86083d96f5bdd2e1488697f4b815a3e358adbcaad

SHA512
d5b9b09822d319a12c33232d2e989e9df7b29205225d8accece44aafc25195753fc998ac20dc5c072c2b069fc1ca6ee8c56be8cbd9fdc626c9c91487e5ab27c4

Download Submit
C:\Windows\SysWOW64\$$a.bat
Filesize
140B

MD5
f8916a4ae7dc87d711eab36dd3f8ec10

SHA1
6c0e9a9b8f01e7bbeab5b8b20596860ae89aee43

SHA256
6e93466083fc376f869b22c7a35d0fa0d08b40e08d8e625bda3098fa0184becf

SHA512
f3b507310b9e8a3423638f8f0c5e4981ce413568bb0982bce2e79c6349150df060a89aeadd4b47fc42e4ae063b71020246e41e4f18f384935a364c20d8c57534

Download Submit
\Windows\SysWOW64\Launcher.exe
Filesize
35KB

MD5
ce9417db64112d36f1d37ae65e499be0

SHA1
05f2e7b62266060d9dbc8c3cb324faedb4b9c6de

SHA256
6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf

SHA512
0e2b9f308973eaacaf5e1e5bb53bea461e39fd993df802cb736af0680057ee8a276de8f31a06d8e017a5e0c0f922dd2fefd0aa09cddc1825e29ead98938c0120

Download Submit
memory/400-196-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/400-206-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/552-112-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/552-118-0x0000000000290000-0x00000000002B5000-memory.dmp

Filesize
148KB

Download
memory/552-92-0x0000000000290000-0x00000000002B5000-memory.dmp

Filesize
148KB

Download
memory/552-86-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/572-119-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/584-131-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/584-130-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/604-199-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/684-192-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/808-149-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/808-133-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/808-132-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/808-151-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/808-154-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/820-204-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/856-186-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/916-152-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/916-156-0x00000000002D0000-0x00000000002F5000-memory.dmp

Filesize
148KB

Download
memory/952-172-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/988-212-0x00000000001C0000-0x00000000001E5000-memory.dmp

Filesize
148KB

Download
memory/1092-21-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1092-24-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1352-20-0x00000000002C0000-0x00000000002E5000-memory.dmp

Filesize
148KB

Download
memory/1352-12-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1352-16-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1352-15-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1352-47-0x00000000002C0000-0x00000000002E5000-memory.dmp

Filesize
148KB

Download
memory/1352-42-0x000000000041B000-0x000000000041C000-memory.dmp

Filesize
4KB

Download
memory/1352-14-0x000000000041B000-0x000000000041C000-memory.dmp

Filesize
4KB

Download
memory/1352-39-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1576-207-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1588-180-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1644-177-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1648-163-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1648-176-0x0000000000260000-0x0000000000285000-memory.dmp

Filesize
148KB

Download
memory/1648-164-0x0000000000260000-0x0000000000285000-memory.dmp

Filesize
148KB

Download
memory/1848-168-0x0000000000260000-0x0000000000285000-memory.dmp

Filesize
148KB

Download
memory/1848-165-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1848-150-0x0000000000260000-0x0000000000285000-memory.dmp

Filesize
148KB

Download
memory/1964-158-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1980-134-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1980-139-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/1992-181-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2008-248-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2160-190-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2184-170-0x0000000000240000-0x0000000000265000-memory.dmp

Filesize
148KB

Download
memory/2184-167-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2184-155-0x0000000000240000-0x0000000000265000-memory.dmp

Filesize
148KB

Download
memory/2192-173-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2204-144-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2204-160-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2204-162-0x00000000001D0000-0x00000000001F5000-memory.dmp

Filesize
148KB

Download
memory/2260-174-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2260-184-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2320-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2320-33-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2320-29-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2320-11-0x00000000002A0000-0x00000000002C5000-memory.dmp

Filesize
148KB

Download
memory/2320-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2320-1-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2356-89-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2356-69-0x0000000000290000-0x00000000002B5000-memory.dmp

Filesize
148KB

Download
memory/2356-95-0x0000000000290000-0x00000000002B5000-memory.dmp

Filesize
148KB

Download
memory/2404-78-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2404-106-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2404-84-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2404-103-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2416-142-0x0000000000240000-0x0000000000265000-memory.dmp

Filesize
148KB

Download
memory/2416-140-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2416-109-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2420-97-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2544-63-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2544-82-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2544-85-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2584-36-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2584-64-0x0000000000430000-0x0000000000455000-memory.dmp

Filesize
148KB

Download
memory/2584-35-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2584-38-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2600-58-0x00000000001C0000-0x00000000001E5000-memory.dmp

Filesize
148KB

Download
memory/2600-34-0x00000000001C0000-0x00000000001E5000-memory.dmp

Filesize
148KB

Download
memory/2600-30-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2600-27-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2612-71-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2612-76-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2612-53-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2668-74-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2668-55-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2688-125-0x0000000000430000-0x0000000000455000-memory.dmp

Filesize
148KB

Download
memory/2688-146-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2688-148-0x0000000000430000-0x0000000000455000-memory.dmp

Filesize
148KB

Download
memory/2692-143-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2692-145-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2692-120-0x0000000000230000-0x0000000000255000-memory.dmp

Filesize
148KB

Download
memory/2712-65-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2744-188-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2920-194-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2964-202-0x00000000001C0000-0x00000000001E5000-memory.dmp

Filesize
148KB

Download
memory/2964-211-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2976-201-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2980-209-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3012-197-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads