7d0db7c02619e31f3ed7ac0518c3152ffd8e281849247e0ada607a65fc4136bc

Analysis

max time kernel
226s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 08:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.dcdc55d5fa8cf769e3eb1bb37b1ffb90.exe
Size

237KB
MD5

dcdc55d5fa8cf769e3eb1bb37b1ffb90
SHA1

e9cd77fa1dbfa3dc1dce5d9aa20c9c90c493424d
SHA256

7d0db7c02619e31f3ed7ac0518c3152ffd8e281849247e0ada607a65fc4136bc
SHA512

5575dab38e8f4ab46f97a9c902ae29f69304df53722c22cc5eb35c1d0347bb37677213d9d700a79e405c3aa924f6e380495a9078c1c99717ffea9da6c0c87217
SSDEEP

3072:hNzztfivMVMYuFkV3qBnFqOLp4mvy2ACh3wj5z8UPCMgqK6v9:hVz8YurEmvy2AChezLCWK6

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4924	attrib.exe
4280	attrib.exe
1424	attrib.exe
1792	attrib.exe
1512	attrib.exe
3708	attrib.exe
3792	attrib.exe
3572	attrib.exe
892	attrib.exe
1136	attrib.exe
4952	attrib.exe
3612	attrib.exe
4172	attrib.exe
1688	attrib.exe
3148	attrib.exe
4440	attrib.exe
4968	attrib.exe
4972	attrib.exe
1616	attrib.exe
1804	attrib.exe
3280	attrib.exe
3384	attrib.exe
4104	attrib.exe
3820	attrib.exe
4416	attrib.exe
4100	attrib.exe
860	attrib.exe
3392	attrib.exe
2908	attrib.exe
2096	attrib.exe
916	attrib.exe
1132	attrib.exe
1536	attrib.exe
3872	attrib.exe
1924	attrib.exe
664	attrib.exe
3804	attrib.exe
2900	attrib.exe
1120	attrib.exe
3472	attrib.exe
4292	attrib.exe
456	attrib.exe
4836	attrib.exe
3144	attrib.exe
3876	attrib.exe
2024	attrib.exe
2716	attrib.exe
1044	attrib.exe
1916	attrib.exe
4196	attrib.exe
224	attrib.exe
3636	attrib.exe
4280	attrib.exe
1292	attrib.exe
1676	attrib.exe
4044	attrib.exe
1460	attrib.exe
3708	attrib.exe
3260	attrib.exe
2664	attrib.exe
2756	attrib.exe
1256	attrib.exe
4840	attrib.exe
3552	attrib.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4168-0-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-5.dat	upx
behavioral2/files/0x00070000000231ef-6.dat	upx
behavioral2/memory/4168-7-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/4924-9-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-8.dat	upx
behavioral2/files/0x00070000000231ef-10.dat	upx
behavioral2/memory/4280-11-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-12.dat	upx
behavioral2/memory/1424-13-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-14.dat	upx
behavioral2/memory/1792-15-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/1512-17-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-16.dat	upx
behavioral2/files/0x00070000000231ef-18.dat	upx
behavioral2/memory/3708-19-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/3792-20-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-21.dat	upx
behavioral2/memory/3572-23-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/3792-22-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-24.dat	upx
behavioral2/memory/3572-25-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-26.dat	upx
behavioral2/memory/892-27-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-28.dat	upx
behavioral2/memory/1136-29-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-30.dat	upx
behavioral2/memory/4952-31-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-32.dat	upx
behavioral2/memory/4172-33-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/3612-34-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/4172-35-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-36.dat	upx
behavioral2/memory/1688-37-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-38.dat	upx
behavioral2/memory/3148-39-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/1688-40-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-41.dat	upx
behavioral2/memory/4440-42-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/3148-43-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-44.dat	upx
behavioral2/memory/4440-45-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/4968-47-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-46.dat	upx
behavioral2/files/0x00070000000231ef-48.dat	upx
behavioral2/memory/4972-49-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-50.dat	upx
behavioral2/memory/1616-51-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/1804-53-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-52.dat	upx
behavioral2/files/0x00070000000231ef-54.dat	upx
behavioral2/memory/3280-55-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-56.dat	upx
behavioral2/memory/3384-57-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-58.dat	upx
behavioral2/memory/4104-59-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-60.dat	upx
behavioral2/memory/3820-61-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-62.dat	upx
behavioral2/memory/4416-63-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/4100-64-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/files/0x00070000000231ef-65.dat	upx
behavioral2/memory/4100-66-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/860-68-0x0000000000400000-0x000000000042F000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File created	C:\Windows\SysWOW64\CURITY~1\attrib.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\CURITY~1\attrib.exe	attrib.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 4924	4168	NEAS.dcdc55d5fa8cf769e3eb1bb37b1ffb90.exe	89
PID 4168 wrote to memory of 4924	4168	NEAS.dcdc55d5fa8cf769e3eb1bb37b1ffb90.exe	89
PID 4168 wrote to memory of 4924	4168	NEAS.dcdc55d5fa8cf769e3eb1bb37b1ffb90.exe	89
PID 4924 wrote to memory of 4280	4924	attrib.exe	90
PID 4924 wrote to memory of 4280	4924	attrib.exe	90
PID 4924 wrote to memory of 4280	4924	attrib.exe	90
PID 4280 wrote to memory of 1424	4280	attrib.exe	91
PID 4280 wrote to memory of 1424	4280	attrib.exe	91
PID 4280 wrote to memory of 1424	4280	attrib.exe	91
PID 1424 wrote to memory of 1792	1424	attrib.exe	92
PID 1424 wrote to memory of 1792	1424	attrib.exe	92
PID 1424 wrote to memory of 1792	1424	attrib.exe	92
PID 1792 wrote to memory of 1512	1792	attrib.exe	93
PID 1792 wrote to memory of 1512	1792	attrib.exe	93
PID 1792 wrote to memory of 1512	1792	attrib.exe	93
PID 1512 wrote to memory of 3708	1512	attrib.exe	94
PID 1512 wrote to memory of 3708	1512	attrib.exe	94
PID 1512 wrote to memory of 3708	1512	attrib.exe	94
PID 3708 wrote to memory of 3792	3708	attrib.exe	95
PID 3708 wrote to memory of 3792	3708	attrib.exe	95
PID 3708 wrote to memory of 3792	3708	attrib.exe	95
PID 3792 wrote to memory of 3572	3792	attrib.exe	96
PID 3792 wrote to memory of 3572	3792	attrib.exe	96
PID 3792 wrote to memory of 3572	3792	attrib.exe	96
PID 3572 wrote to memory of 892	3572	attrib.exe	97
PID 3572 wrote to memory of 892	3572	attrib.exe	97
PID 3572 wrote to memory of 892	3572	attrib.exe	97
PID 892 wrote to memory of 1136	892	attrib.exe	98
PID 892 wrote to memory of 1136	892	attrib.exe	98
PID 892 wrote to memory of 1136	892	attrib.exe	98
PID 1136 wrote to memory of 4952	1136	attrib.exe	99
PID 1136 wrote to memory of 4952	1136	attrib.exe	99
PID 1136 wrote to memory of 4952	1136	attrib.exe	99
PID 4952 wrote to memory of 3612	4952	attrib.exe	100
PID 4952 wrote to memory of 3612	4952	attrib.exe	100
PID 4952 wrote to memory of 3612	4952	attrib.exe	100
PID 3612 wrote to memory of 4172	3612	attrib.exe	101
PID 3612 wrote to memory of 4172	3612	attrib.exe	101
PID 3612 wrote to memory of 4172	3612	attrib.exe	101
PID 4172 wrote to memory of 1688	4172	attrib.exe	102
PID 4172 wrote to memory of 1688	4172	attrib.exe	102
PID 4172 wrote to memory of 1688	4172	attrib.exe	102
PID 1688 wrote to memory of 3148	1688	attrib.exe	103
PID 1688 wrote to memory of 3148	1688	attrib.exe	103
PID 1688 wrote to memory of 3148	1688	attrib.exe	103
PID 3148 wrote to memory of 4440	3148	attrib.exe	104
PID 3148 wrote to memory of 4440	3148	attrib.exe	104
PID 3148 wrote to memory of 4440	3148	attrib.exe	104
PID 4440 wrote to memory of 4968	4440	attrib.exe	105
PID 4440 wrote to memory of 4968	4440	attrib.exe	105
PID 4440 wrote to memory of 4968	4440	attrib.exe	105
PID 4968 wrote to memory of 4972	4968	attrib.exe	106
PID 4968 wrote to memory of 4972	4968	attrib.exe	106
PID 4968 wrote to memory of 4972	4968	attrib.exe	106
PID 4972 wrote to memory of 1616	4972	attrib.exe	107
PID 4972 wrote to memory of 1616	4972	attrib.exe	107
PID 4972 wrote to memory of 1616	4972	attrib.exe	107
PID 1616 wrote to memory of 1804	1616	attrib.exe	108
PID 1616 wrote to memory of 1804	1616	attrib.exe	108
PID 1616 wrote to memory of 1804	1616	attrib.exe	108
PID 1804 wrote to memory of 3280	1804	attrib.exe	109
PID 1804 wrote to memory of 3280	1804	attrib.exe	109
PID 1804 wrote to memory of 3280	1804	attrib.exe	109
PID 3280 wrote to memory of 3384	3280	attrib.exe	110

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1136	attrib.exe
2148	attrib.exe
3804	attrib.exe
2600	attrib.exe
2980	Process not Found
4812	attrib.exe
4952	attrib.exe
1524	attrib.exe
1724	attrib.exe
988	attrib.exe
688	attrib.exe
3628	attrib.exe
4416	Process not Found
4796	Process not Found
1096	attrib.exe
5080	attrib.exe
4988	attrib.exe
560	attrib.exe
1312	Process not Found
4412	Process not Found
3140	Process not Found
1252	attrib.exe
2720	attrib.exe
2036	attrib.exe
3528	attrib.exe
4168	attrib.exe
2592	Process not Found
3716	Process not Found
2640	attrib.exe
1156	attrib.exe
1532	attrib.exe
4568	attrib.exe
4936	Process not Found
2620	attrib.exe
2024	Process not Found
780	attrib.exe
3880	attrib.exe
3908	attrib.exe
4924	attrib.exe
2148	attrib.exe
4896	Process not Found
1560	Process not Found
472	Process not Found
3256	attrib.exe
3392	attrib.exe
1256	attrib.exe
4468	attrib.exe
468	Process not Found
3604	attrib.exe
3532	attrib.exe
4060	attrib.exe
456	attrib.exe
1724	attrib.exe
988	attrib.exe
4412	attrib.exe
3856	attrib.exe
2720	Process not Found
1800	Process not Found
224	Process not Found
2916	Process not Found
3708	attrib.exe
4644	attrib.exe
2156	attrib.exe
3548	attrib.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.dcdc55d5fa8cf769e3eb1bb37b1ffb90.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.dcdc55d5fa8cf769e3eb1bb37b1ffb90.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Windows\SysWOW64\CURITY~1\attrib.exe
  C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4924
- - C:\Windows\SysWOW64\CURITY~1\attrib.exe
    C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4280
  - - C:\Windows\SysWOW64\CURITY~1\attrib.exe
      C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1424
    - - C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1792
      - C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1512
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        Views/modifies file attributes
        
        PID:3708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3792
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3572
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1136
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4952
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3612
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4172
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3148
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4972
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        23⤵
        Executes dropped EXE
        
        PID:3384
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        24⤵
        Executes dropped EXE
        
        PID:4104
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        25⤵
        Executes dropped EXE
        
        PID:3820
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        26⤵
        Executes dropped EXE
        
        PID:4416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        27⤵
        Executes dropped EXE
        
        PID:4100
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        28⤵
        Executes dropped EXE
        
        PID:860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        29⤵
        Executes dropped EXE
        
        PID:3392
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2908
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        31⤵
        Executes dropped EXE
        
        PID:2096
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        32⤵
        Executes dropped EXE
        
        PID:916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        33⤵
        Executes dropped EXE
        
        PID:1132
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        34⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        35⤵
        Executes dropped EXE
        
        PID:3872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        36⤵
        Executes dropped EXE
        
        PID:1924
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        37⤵
        Executes dropped EXE
        
        PID:664
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        38⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        39⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        40⤵
        Executes dropped EXE
        
        PID:1120
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        41⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        42⤵
        Executes dropped EXE
        
        PID:4292
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        43⤵
        Executes dropped EXE
        
        PID:456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        44⤵
        Executes dropped EXE
        
        PID:4836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        45⤵
        Executes dropped EXE
        
        PID:3144
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3876
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        47⤵
        Executes dropped EXE
        
        PID:2024
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        48⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        49⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        50⤵
        Executes dropped EXE
        
        PID:1916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        51⤵
        Executes dropped EXE
        
        PID:4196
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        52⤵
        Executes dropped EXE
        
        PID:224
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        53⤵
        Executes dropped EXE
        
        PID:3636
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        55⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        56⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        57⤵
        Executes dropped EXE
        
        PID:4044
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        58⤵
        Executes dropped EXE
        
        PID:1460
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        59⤵
        Executes dropped EXE
        
        PID:3708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        60⤵
        Executes dropped EXE
        
        PID:3260
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        61⤵
        Executes dropped EXE
        
        PID:2664
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        62⤵
        Executes dropped EXE
        
        PID:2756
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        63⤵
        Executes dropped EXE
        
        PID:1256
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        64⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        65⤵
        Executes dropped EXE
        
        PID:3552
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        66⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        67⤵
        
        PID:180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        68⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        69⤵
        
        PID:556
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        70⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        71⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        72⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        73⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        74⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        75⤵
        
        PID:388
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        76⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        77⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        78⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        79⤵
        
        PID:332
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        80⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        81⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        82⤵
        Views/modifies file attributes
        
        PID:1252
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        83⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        84⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        85⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        86⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        87⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        88⤵
        
        PID:860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        89⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        90⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        91⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        92⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        93⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        94⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        95⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        96⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        97⤵
        Views/modifies file attributes
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        98⤵
        
        PID:532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        99⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        100⤵
        Executes dropped EXE
        
        PID:3804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        101⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        102⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        103⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        104⤵
        Executes dropped EXE
        
        PID:3472
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        105⤵
        
        PID:232
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        106⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        107⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        108⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        109⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        110⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        111⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        112⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        113⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        114⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        115⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        116⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        117⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        118⤵
        Drops file in System32 directory
        
        PID:4584
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        119⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        120⤵
        Executes dropped EXE
        
        PID:1292
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        121⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        122⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        123⤵
        
        PID:404
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        124⤵
        Views/modifies file attributes
        
        PID:780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        125⤵
        
        PID:212
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        126⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        127⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        128⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        129⤵
        Views/modifies file attributes
        
        PID:1136
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        130⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        131⤵
        Executes dropped EXE
        
        PID:4840
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        132⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        133⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        134⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        135⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        136⤵
        Views/modifies file attributes
        
        PID:2148
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        137⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        138⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        139⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        140⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        141⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        142⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        143⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        144⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        145⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        146⤵
        
        PID:332
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        147⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        148⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        149⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        150⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        151⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        152⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        153⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        154⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        155⤵
        
        PID:860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        156⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        157⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        158⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        159⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        160⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        161⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        162⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        163⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        164⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        165⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        166⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        167⤵
        Views/modifies file attributes
        
        PID:3604
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        168⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        169⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        170⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        171⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        172⤵
        Drops file in System32 directory
        
        PID:2288
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        173⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        174⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        175⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        176⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        177⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        178⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        179⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        180⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        181⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        182⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        183⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        184⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        185⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        186⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        187⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        188⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        189⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        190⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        191⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        192⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        193⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        194⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        195⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        196⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        197⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        198⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        199⤵
        Drops file in System32 directory
        
        PID:5000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        200⤵
        
        PID:180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        201⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        202⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        203⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        204⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        205⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        206⤵
        Views/modifies file attributes
        
        PID:3256
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        207⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        208⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        209⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        210⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        211⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        212⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        213⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        214⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        215⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        216⤵
        Views/modifies file attributes
        
        PID:988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        217⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        218⤵
        Views/modifies file attributes
        
        PID:3392
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        219⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        220⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        221⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        222⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        223⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        224⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        225⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        226⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        227⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        228⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        229⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        230⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        231⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        232⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        233⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        234⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        235⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        236⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        237⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        238⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        239⤵
        Drops file in System32 directory
        
        PID:1152
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        240⤵
        
        PID:644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        241⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        242⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        243⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        244⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        245⤵
        
        PID:468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        246⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        247⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        248⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        249⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        250⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        251⤵
        
        PID:984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        252⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        253⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        254⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        255⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        256⤵
        
        PID:652
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        257⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        258⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        259⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        260⤵
        Views/modifies file attributes
        
        PID:2720
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        261⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        262⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        263⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        264⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        265⤵
        Drops file in System32 directory
        
        PID:4872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        266⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        267⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        268⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        269⤵
        Views/modifies file attributes
        
        PID:4812
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        270⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        271⤵
        Drops file in System32 directory
        
        PID:3548
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        272⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        273⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        274⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        275⤵
        Drops file in System32 directory
        
        PID:3444
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        276⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        277⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        278⤵
        Views/modifies file attributes
        
        PID:988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        279⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        280⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        281⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        282⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        283⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        284⤵
        
        PID:760
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        285⤵
        
        PID:400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        286⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        287⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        288⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        289⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        290⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        291⤵
        Views/modifies file attributes
        
        PID:3804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        292⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        293⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        294⤵
        
        PID:660
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        295⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        296⤵
        
        PID:456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        297⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        298⤵
        Views/modifies file attributes
        
        PID:2600
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        299⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        300⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        301⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        302⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        303⤵
        
        PID:644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        304⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        305⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        306⤵
        
        PID:224
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        307⤵
        Drops file in System32 directory
        
        PID:3372
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        308⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        309⤵
        Drops file in System32 directory
        
        PID:1532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        310⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        311⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        312⤵
        Drops file in System32 directory
        
        PID:2596
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        313⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        314⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        315⤵
        Drops file in System32 directory
        
        PID:3260
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        316⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        317⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        318⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        319⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        320⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        321⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        322⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        323⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        324⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        325⤵
        Views/modifies file attributes
        
        PID:2640
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        326⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        327⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        328⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        329⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        330⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        331⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        332⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        333⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        334⤵
        
        PID:332
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        335⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        336⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        337⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        338⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        339⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        340⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        341⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        342⤵
        
        PID:988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        343⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        344⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        345⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        346⤵
        
        PID:536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        347⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        348⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        349⤵
        Drops file in System32 directory
        
        PID:1132
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        350⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        351⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        352⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        353⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        354⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        355⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        356⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        357⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        358⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        359⤵
        
        PID:660
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        360⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        361⤵
        
        PID:456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        362⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        363⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        364⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        365⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        366⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        367⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        368⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        369⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        370⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        371⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        372⤵
        
        PID:468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        373⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        374⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        375⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        376⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        377⤵
        Views/modifies file attributes
        
        PID:3880
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        378⤵
        
        PID:780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        379⤵
        
        PID:984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        380⤵
        
        PID:492
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        381⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        382⤵
        Views/modifies file attributes
        
        PID:3908
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        383⤵
        
        PID:568
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        384⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        385⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        386⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        387⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        388⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        389⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        390⤵
        Drops file in System32 directory
        
        PID:4944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        391⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        392⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        393⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        394⤵
        Drops file in System32 directory
        
        PID:2216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        395⤵
        
        PID:828
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        396⤵
        
        PID:440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        397⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        398⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        399⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        400⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        401⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        402⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        403⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        404⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        405⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        406⤵
        
        PID:860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        407⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        408⤵
        
        PID:988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        409⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        410⤵
        Views/modifies file attributes
        
        PID:2036
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        411⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        412⤵
        
        PID:536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        413⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        414⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        415⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        416⤵
        
        PID:532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        417⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        418⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        419⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        420⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        421⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        422⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        423⤵
        Drops file in System32 directory
        
        PID:232
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        424⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        425⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        426⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        427⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        428⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        429⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        430⤵
        Drops file in System32 directory
        
        PID:4308
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        431⤵
        Views/modifies file attributes
        
        PID:3528
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        432⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        433⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        434⤵
        Views/modifies file attributes
        
        PID:4924
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        435⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        436⤵
        Drops file in System32 directory
        
        PID:4352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        437⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        438⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        439⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        440⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        441⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        442⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        443⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        444⤵
        
        PID:184
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        445⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        446⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        447⤵
        Drops file in System32 directory
        
        PID:652
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        448⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        449⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        450⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        451⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        452⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        453⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        454⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        455⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        456⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        457⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        458⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        459⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        460⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        461⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        462⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        463⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        464⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        465⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        466⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        467⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        468⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        469⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        470⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        471⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        472⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        473⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        474⤵
        Drops file in System32 directory
        
        PID:2804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        475⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        476⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        477⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        478⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        479⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        480⤵
        
        PID:996
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        481⤵
        Views/modifies file attributes
        
        PID:1096
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        482⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        483⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        484⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        485⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        486⤵
        Views/modifies file attributes
        
        PID:1156
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        487⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        488⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        489⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        490⤵
        
        PID:456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        491⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        492⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        493⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        494⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        495⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        496⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        497⤵
        
        PID:644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        498⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        499⤵
        Drops file in System32 directory
        
        PID:1680
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        500⤵
        Drops file in System32 directory
        
        PID:4468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        501⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        502⤵
        Views/modifies file attributes
        
        PID:1532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        503⤵
        
        PID:472
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        504⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        505⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        506⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        507⤵
        Drops file in System32 directory
        
        PID:4900
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        508⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        509⤵
        
        PID:780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        510⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        511⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        512⤵
        Drops file in System32 directory
        
        PID:3140
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        513⤵
        Views/modifies file attributes
        
        PID:4952
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        514⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        515⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        516⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        517⤵
        
        PID:180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        518⤵
        Views/modifies file attributes
        
        PID:3532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        519⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        520⤵
        Drops file in System32 directory
        
        PID:3352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        521⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        522⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        523⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        524⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        525⤵
        
        PID:828
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        526⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        527⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        528⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        529⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        530⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        531⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        532⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        533⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        534⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        535⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        536⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        537⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        538⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        539⤵
        
        PID:688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        540⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        541⤵
        
        PID:536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        542⤵
        Drops file in System32 directory
        
        PID:400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        543⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        544⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        545⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        546⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        547⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        548⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        549⤵
        Views/modifies file attributes
        
        PID:3628
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        550⤵
        Views/modifies file attributes
        
        PID:5080
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        551⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        552⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        553⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        554⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        555⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        556⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        557⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        558⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        559⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        560⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        561⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        562⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        563⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        564⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        565⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        566⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        567⤵
        Views/modifies file attributes
        
        PID:1524
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        568⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        569⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        570⤵
        Views/modifies file attributes
        
        PID:4060
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        571⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        572⤵
        
        PID:984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        573⤵
        
        PID:904
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        574⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        575⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        576⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        577⤵
        
        PID:652
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        578⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        579⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        580⤵
        
        PID:180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        581⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        582⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        583⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        584⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        585⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        586⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        587⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        588⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        589⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        590⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        591⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        592⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        593⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        594⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        595⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        596⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        597⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        598⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        599⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        600⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        601⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        602⤵
        Views/modifies file attributes
        
        PID:688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        603⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        604⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        605⤵
        
        PID:400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        606⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        607⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        608⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        609⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        610⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        611⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        612⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        613⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        614⤵
        
        PID:660
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        615⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        616⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        617⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        618⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        619⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        620⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        621⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        622⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        623⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        624⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        625⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        626⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        627⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        628⤵
        
        PID:468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        629⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        630⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        631⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        632⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        633⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        634⤵
        Drops file in System32 directory
        
        PID:492
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        635⤵
        
        PID:780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        636⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        637⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        638⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        639⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        640⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        641⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        642⤵
        Drops file in System32 directory
        
        PID:2680
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        643⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        644⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        645⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        646⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        647⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        648⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        649⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        650⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        651⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        652⤵
        Views/modifies file attributes
        
        PID:2156
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        653⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        654⤵
        
        PID:804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        655⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        656⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        657⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        658⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        659⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        660⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        661⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        662⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        663⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        664⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        665⤵
        Drops file in System32 directory
        
        PID:3168
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        666⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        667⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        668⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        669⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        670⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        671⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        672⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        673⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        674⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        675⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        676⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        677⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        678⤵
        
        PID:660
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        679⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        680⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        681⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        682⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        683⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        684⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        685⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        686⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        687⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        688⤵
        
        PID:224
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        689⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        690⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        691⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        692⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        693⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        694⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        695⤵
        
        PID:436
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        696⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        697⤵
        
        PID:984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        698⤵
        
        PID:780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        699⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        700⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        701⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        702⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        703⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        704⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        705⤵
        
        PID:696
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        706⤵
        Drops file in System32 directory
        
        PID:180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        707⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        708⤵
        
        PID:388
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        709⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        710⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        711⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        712⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        713⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        714⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        715⤵
        Views/modifies file attributes
        
        PID:4568
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        716⤵
        Drops file in System32 directory
        
        PID:3772
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        717⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        718⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        719⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        720⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        721⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        722⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        723⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        724⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        725⤵
        
        PID:916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        726⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        727⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        728⤵
        
        PID:536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        729⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        730⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        731⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        732⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        733⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        734⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        735⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        736⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        737⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        738⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        739⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        740⤵
        
        PID:660
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        741⤵
        Views/modifies file attributes
        
        PID:4988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        742⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        743⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        744⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        745⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        746⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        747⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        748⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        749⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        750⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        751⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        752⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        753⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        754⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        755⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        756⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        757⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        758⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        759⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        760⤵
        
        PID:492
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        761⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        762⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        763⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        764⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        765⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        766⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        767⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        768⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        769⤵
        
        PID:696
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        770⤵
        
        PID:180
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        771⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        772⤵
        
        PID:388
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        773⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        774⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        775⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        776⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        777⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        778⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        779⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        780⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        781⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        782⤵
        
        PID:496
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        783⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        784⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        785⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        786⤵
        
        PID:860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        787⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        788⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        789⤵
        
        PID:988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        790⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        791⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        792⤵
        
        PID:228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        793⤵
        
        PID:536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        794⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        795⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        796⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        797⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        798⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        799⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        800⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        801⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        802⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        803⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        804⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        805⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        806⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        807⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        808⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        809⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        810⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        811⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        812⤵
        Views/modifies file attributes
        
        PID:4168
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        813⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        814⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        815⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        816⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        817⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        818⤵
        Views/modifies file attributes
        
        PID:4412
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        819⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        820⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        821⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        822⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        823⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        824⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        825⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        826⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        827⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        828⤵
        Views/modifies file attributes
        
        PID:1256
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        829⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        830⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        831⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        832⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        833⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        834⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        835⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        836⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        837⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        838⤵
        
        PID:388
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        839⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        840⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        841⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        842⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        843⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        844⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        845⤵
        
        PID:332
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        846⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        847⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        848⤵
        Drops file in System32 directory
        
        PID:496
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        849⤵
        Views/modifies file attributes
        
        PID:3548
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        850⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        851⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        852⤵
        
        PID:860
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        853⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        854⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        855⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        856⤵
        
        PID:916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        857⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        858⤵
        
        PID:228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        859⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        860⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        861⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        862⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        863⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        864⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        865⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        422⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        423⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        424⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        425⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        426⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        427⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        428⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        429⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        430⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        431⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        432⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        433⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        434⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        435⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        436⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        437⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        438⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        439⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        440⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        441⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        442⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        443⤵
        Views/modifies file attributes
        
        PID:1724
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        444⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        445⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        446⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        447⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        448⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        449⤵
        
        PID:780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        450⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        451⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        452⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        453⤵
        Views/modifies file attributes
        
        PID:2148
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        454⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        455⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        456⤵
        
        PID:696
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        457⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        458⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        459⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        460⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        461⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        462⤵
        
        PID:440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        463⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        464⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        465⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        466⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        467⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        468⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        469⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        470⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        471⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        472⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        473⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        474⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        475⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        476⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        477⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        478⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        479⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        480⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        481⤵
        
        PID:532
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        482⤵
        Views/modifies file attributes
        
        PID:2620
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        483⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        484⤵
        Views/modifies file attributes
        
        PID:3856
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        485⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        486⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        487⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        488⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        489⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        490⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        491⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        492⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        493⤵
        Views/modifies file attributes
        
        PID:560
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        494⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        495⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        496⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        497⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        498⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        499⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        500⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        501⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        502⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        503⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        504⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        505⤵
        Drops file in System32 directory
        
        PID:4584
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        506⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        507⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        508⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        509⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        510⤵
        
        PID:372
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        511⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        512⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        513⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        514⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        515⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        516⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        517⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        518⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        519⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        520⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        521⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        522⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        523⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        524⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        525⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        526⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        527⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        528⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        529⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        530⤵
        
        PID:216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        531⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        532⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        533⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        534⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        535⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        536⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        537⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        538⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        539⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        540⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        541⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        542⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        543⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        544⤵
        
        PID:988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        545⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        546⤵
        Drops file in System32 directory
        
        PID:2420
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        547⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        548⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        549⤵
        
        PID:400
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        550⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        551⤵
        Drops file in System32 directory
        
        PID:2524
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        552⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        553⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        554⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        555⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        556⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        557⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        558⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        559⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        560⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        561⤵
        Drops file in System32 directory
        
        PID:4128
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        562⤵
        Views/modifies file attributes
        
        PID:456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        563⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        564⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        565⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        566⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        567⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        568⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        569⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        570⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        571⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        572⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        573⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        574⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        575⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        576⤵
        Views/modifies file attributes
        
        PID:4468
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        577⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        578⤵
        Views/modifies file attributes
        
        PID:1724
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        579⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\CURITY~1\attrib.exe
        
        C:\Windows\system32\CURITY~1\attrib.exe --ru -vt yazb
        580⤵
        
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\CURITY~1\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
C:\Windows\SysWOW64\ѕеcurity\attrib.exe

Filesize
237KB

MD5
3f130f014df9aae1ffadad8f31d402a5

SHA1
dfb4abc11516c7bd0796e6976eb243bb11424a9c

SHA256
b5ef6549cf0e5f6602dfa3c3882f62540dc982ff0545282ab37793c56705f362

SHA512
f0e75721705b45b0058e9a199f8478fe219cd15a017f03f097a4d3fb31e31db63aa1d287dc92a8deed47d22ff0c2d8158b919bac28712344f5edae54309d54b2

Download Submit
memory/456-102-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/664-89-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/860-68-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/892-27-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/916-75-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/916-78-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1044-116-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1044-113-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1120-96-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1132-80-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1136-29-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1424-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1512-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1536-83-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1536-81-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1616-51-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1688-37-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1688-40-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1792-15-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1804-53-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1916-118-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1924-87-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2024-110-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2096-76-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2716-114-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2716-111-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2900-94-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2908-73-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3144-106-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3148-39-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3148-43-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3280-55-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3384-57-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3392-69-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3392-71-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3472-98-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3572-25-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3572-23-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3612-34-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3708-19-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3792-22-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3792-20-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3804-90-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3804-92-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3820-61-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3872-85-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3876-108-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4100-66-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4100-64-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4104-59-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4168-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4168-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4172-33-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4172-35-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4280-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4292-100-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4416-63-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4440-42-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4440-45-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4836-104-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4924-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4952-31-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4968-47-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4972-49-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download