Analysis
-
max time kernel
173s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/12/2023, 20:57
General
-
Target
03cc81994173a2270d4a42ec620fc289.exe
-
Size
13KB
-
MD5
03cc81994173a2270d4a42ec620fc289
-
SHA1
72be100d2b5589adbb54c1691735ff0ee7e5a25d
-
SHA256
be0234f8efdde6a2dfe06308b04e824125a23ae2ec0c9e42630088660ca61ca0
-
SHA512
d515d5aa8d4165a7bfb58f1171c0c273228cb54fcc743d519c4ed9e88cc4af27e1179b833ca38802bb67a63663c3c1863f593bf13c287a301116a9214ee36bc3
-
SSDEEP
384:hytZyFKxG4fffffffrxy1ROXIrXIXaY15XZk5p:hynyFiG4fffffffrxy1UXIrYB15JkX
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\03cc81994173a2270d4a42ec620fc289.exe"C:\Users\Admin\AppData\Local\Temp\03cc81994173a2270d4a42ec620fc289.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633031.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\AppData\Local\Temp\03cc81994173a2270d4a42ec620fc289.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633171.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634078.bat5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633218.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633328.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634546.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634328.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634312.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643046.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Drops file in System32 directory
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634984.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637734.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe7⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637687.bat4⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633625.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633765.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633796.bat5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633734.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633671.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633953.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633250.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634031.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634140.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634187.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638968.bat3⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Drops file in System32 directory
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635250.bat3⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635046.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634703.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634671.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634625.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633390.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641234.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641171.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Views/modifies file attributes
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635953.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635343.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635453.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635546.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635609.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Executes dropped EXE
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635734.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635843.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635218.bat3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635156.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636031.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639062.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639000.bat4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636250.bat3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636156.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637171.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636375.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636437.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637015.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636875.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637125.bat2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636484.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637421.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637531.bat4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637562.bat1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635671.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638140.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638171.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638500.bat2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638562.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638812.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637609.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639312.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639562.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639718.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639500.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639375.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639921.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640062.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640234.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640171.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643359.bat5⤵
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640140.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640703.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640578.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640484.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640406.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640328.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240644031.bat2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643875.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240640000.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639781.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642703.bat2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641750.bat6⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h7⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h7⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641687.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641578.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641500.bat3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641421.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641328.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641265.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641937.bat3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641859.bat2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641812.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642953.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642843.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe4⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe5⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240639234.bat5⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642515.bat4⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642796.bat3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642750.bat2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643171.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642296.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642187.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638218.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642375.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642437.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643468.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643968.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240647734.bat2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643906.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240644296.bat3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240644093.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643796.bat1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643328.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643734.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643484.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643437.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643312.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240643250.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240641984.bat2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642546.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642406.bat1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240642031.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638375.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638859.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638750.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638640.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637046.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638515.bat1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637859.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638265.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638093.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240638046.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637953.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637890.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637359.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637765.bat1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636953.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637281.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240637218.bat1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636656.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636781.bat1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636718.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636562.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635281.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636343.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240636312.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635906.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635984.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635781.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635406.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635375.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635187.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240635078.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634593.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633546.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240634250.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633500.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633640.bat1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633562.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633453.bat1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633437.bat1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633296.bat1⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h2⤵
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240633265.bat1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240646265.bat2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\ayPATPAT1023.exe" -r -a -s -h3⤵
-
-
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240646359.bat1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\e7dda737da15240646203.bat1⤵
-
C:\Windows\SysWOW64\ayPATPAT1023.exeC:\Windows\system32\ayPATPAT1023.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD503cc81994173a2270d4a42ec620fc289
SHA172be100d2b5589adbb54c1691735ff0ee7e5a25d
SHA256be0234f8efdde6a2dfe06308b04e824125a23ae2ec0c9e42630088660ca61ca0
SHA512d515d5aa8d4165a7bfb58f1171c0c273228cb54fcc743d519c4ed9e88cc4af27e1179b833ca38802bb67a63663c3c1863f593bf13c287a301116a9214ee36bc3
-
Filesize
290B
MD5fa5438af00f57f206850051402811e51
SHA1ca4016523ed50ff764722fa2e4f14b8a13334efe
SHA256c93c7bd473b59d558164e48cc6478213f9a609baff507bce897eff0df411d409
SHA512c57f06d545ecc827b16c69897b4dbf28c42bde65ba57f927874e36da4c222bca4dc25a405ef843c264703d233b0828e6f1859ad1b835323aae2e1754996582c1
-
Filesize
188B
MD56f67733fd9dd249b0f2793f147ad9194
SHA1493dd3137c2e341333219faa6b99c41e04531ad1
SHA256e8616018aab84d8473f44d8454c60c7acb4e2f48bc8afaee1eb36a4aa34b9e06
SHA512bfbffd0eecacdf4eae513e5b7581f27acaf70750c1710c8f191749bcc31a03c8be0678db277ce258eb879896f0e261709387b4659d242bce0add53a4059b3105