b93acbe956e13cf3c2f1c00e5fbe98c5fbb75a53ea83e7da848c0a70e9d308d6

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3df5a240490fdd11f45de6081ce700bd.exe
Size

5KB
MD5

3df5a240490fdd11f45de6081ce700bd
SHA1

f44938d2c08aca417bc40a95e9cb55a677121ff5
SHA256

b93acbe956e13cf3c2f1c00e5fbe98c5fbb75a53ea83e7da848c0a70e9d308d6
SHA512

07d49108f9e57ac6bd18c9c9da1698791b063bcadac899004e7a77fa016fe4be3b50577c7a5ad01aa6c84059e1860ef7d19cdb5336a46ad906479da67ed4a3de
SSDEEP

96:kexkFQsq9TDZ2jdzHUu0xV1aTas55555555555U:7E42dzHUuLap

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1216	igdjolee1.exe
4140	igdjolee1.exe
2364	igdjolee1.exe
2652	igdjolee1.exe
1004	igdjolee1.exe
2608	igdjolee1.exe
3860	igdjolee1.exe
2160	igdjolee1.exe
3288	igdjolee1.exe
3924	igdjolee1.exe
4692	cmd.exe
3156	Conhost.exe
1980	igdjolee1.exe
3936	igdjolee1.exe
1628	igdjolee1.exe
5000	cmd.exe
3144	igdjolee1.exe
4836	igdjolee1.exe
2532	igdjolee1.exe
4436	igdjolee1.exe
4088	igdjolee1.exe
3296	igdjolee1.exe
4892	igdjolee1.exe
716	igdjolee1.exe
3648	igdjolee1.exe
4644	igdjolee1.exe
4444	igdjolee1.exe
3288	igdjolee1.exe
3620	cmd.exe
2464	igdjolee1.exe
3660	Conhost.exe
2640	igdjolee1.exe
1580	attrib.exe
5128	igdjolee1.exe
5252	igdjolee1.exe
5400	igdjolee1.exe
5480	igdjolee1.exe
5724	Conhost.exe
5832	igdjolee1.exe
5968	igdjolee1.exe
6052	igdjolee1.exe
6136	igdjolee1.exe
5240	attrib.exe
3696	igdjolee1.exe
5304	attrib.exe
5368	igdjolee1.exe
5492	igdjolee1.exe
5848	cmd.exe
6092	igdjolee1.exe
5996	attrib.exe
5364	cmd.exe
6056	attrib.exe
6000	igdjolee1.exe
3572	attrib.exe
3400	igdjolee1.exe
5848	cmd.exe
5920	cmd.exe
6228	Conhost.exe
6320	igdjolee1.exe
6428	igdjolee1.exe
6520	igdjolee1.exe
6880	attrib.exe
6924	igdjolee1.exe
5060	igdjolee1.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	cmd.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	igdjolee1.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File created	C:\Windows\SysWOW64\igdjolee1.exe	igdjolee1.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File created	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File created	C:\Windows\SysWOW64\igdjolee1.exe	igdjolee1.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File created	C:\Windows\SysWOW64\igdjolee1.exe	igdjolee1.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File created	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	igdjolee1.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File created	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File created	C:\Windows\SysWOW64\igdjolee1.exe	igdjolee1.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	igdjolee1.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	cmd.exe
File created	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	cmd.exe
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\igdjolee1.exe	attrib.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
7852	11488	Process not Found	1910
15096	10860	Process not Found	1960
12856	15104	Process not Found	1859
10252	13996	Process not Found	1875

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 408 wrote to memory of 436	408	3df5a240490fdd11f45de6081ce700bd.exe	88
PID 408 wrote to memory of 436	408	3df5a240490fdd11f45de6081ce700bd.exe	88
PID 408 wrote to memory of 436	408	3df5a240490fdd11f45de6081ce700bd.exe	88
PID 408 wrote to memory of 1216	408	3df5a240490fdd11f45de6081ce700bd.exe	89
PID 408 wrote to memory of 1216	408	3df5a240490fdd11f45de6081ce700bd.exe	89
PID 408 wrote to memory of 1216	408	3df5a240490fdd11f45de6081ce700bd.exe	89
PID 1216 wrote to memory of 2688	1216	igdjolee1.exe	92
PID 1216 wrote to memory of 2688	1216	igdjolee1.exe	92
PID 1216 wrote to memory of 2688	1216	igdjolee1.exe	92
PID 1216 wrote to memory of 4140	1216	igdjolee1.exe	91
PID 1216 wrote to memory of 4140	1216	igdjolee1.exe	91
PID 1216 wrote to memory of 4140	1216	igdjolee1.exe	91
PID 4140 wrote to memory of 3452	4140	igdjolee1.exe	97
PID 4140 wrote to memory of 3452	4140	igdjolee1.exe	97
PID 4140 wrote to memory of 3452	4140	igdjolee1.exe	97
PID 4140 wrote to memory of 2364	4140	igdjolee1.exe	96
PID 4140 wrote to memory of 2364	4140	igdjolee1.exe	96
PID 4140 wrote to memory of 2364	4140	igdjolee1.exe	96
PID 2364 wrote to memory of 3580	2364	igdjolee1.exe	95
PID 2364 wrote to memory of 3580	2364	igdjolee1.exe	95
PID 2364 wrote to memory of 3580	2364	igdjolee1.exe	95
PID 2364 wrote to memory of 2652	2364	igdjolee1.exe	98
PID 2364 wrote to memory of 2652	2364	igdjolee1.exe	98
PID 2364 wrote to memory of 2652	2364	igdjolee1.exe	98
PID 2652 wrote to memory of 4812	2652	igdjolee1.exe	100
PID 2652 wrote to memory of 4812	2652	igdjolee1.exe	100
PID 2652 wrote to memory of 4812	2652	igdjolee1.exe	100
PID 2652 wrote to memory of 1004	2652	igdjolee1.exe	101
PID 2652 wrote to memory of 1004	2652	igdjolee1.exe	101
PID 2652 wrote to memory of 1004	2652	igdjolee1.exe	101
PID 1004 wrote to memory of 3604	1004	igdjolee1.exe	105
PID 1004 wrote to memory of 3604	1004	igdjolee1.exe	105
PID 1004 wrote to memory of 3604	1004	igdjolee1.exe	105
PID 1004 wrote to memory of 2608	1004	igdjolee1.exe	104
PID 1004 wrote to memory of 2608	1004	igdjolee1.exe	104
PID 1004 wrote to memory of 2608	1004	igdjolee1.exe	104
PID 2608 wrote to memory of 2540	2608	igdjolee1.exe	110
PID 2608 wrote to memory of 2540	2608	igdjolee1.exe	110
PID 2608 wrote to memory of 2540	2608	igdjolee1.exe	110
PID 2608 wrote to memory of 3860	2608	igdjolee1.exe	106
PID 2608 wrote to memory of 3860	2608	igdjolee1.exe	106
PID 2608 wrote to memory of 3860	2608	igdjolee1.exe	106
PID 436 wrote to memory of 4884	436	cmd.exe	158
PID 436 wrote to memory of 4884	436	cmd.exe	158
PID 436 wrote to memory of 4884	436	cmd.exe	158
PID 3860 wrote to memory of 4400	3860	igdjolee1.exe	108
PID 3860 wrote to memory of 4400	3860	igdjolee1.exe	108
PID 3860 wrote to memory of 4400	3860	igdjolee1.exe	108
PID 3860 wrote to memory of 2160	3860	igdjolee1.exe	111
PID 3860 wrote to memory of 2160	3860	igdjolee1.exe	111
PID 3860 wrote to memory of 2160	3860	igdjolee1.exe	111
PID 2160 wrote to memory of 1676	2160	igdjolee1.exe	113
PID 2160 wrote to memory of 1676	2160	igdjolee1.exe	113
PID 2160 wrote to memory of 1676	2160	igdjolee1.exe	113
PID 2160 wrote to memory of 3288	2160	igdjolee1.exe	112
PID 2160 wrote to memory of 3288	2160	igdjolee1.exe	112
PID 2160 wrote to memory of 3288	2160	igdjolee1.exe	112
PID 4812 wrote to memory of 2740	4812	cmd.exe	128
PID 4812 wrote to memory of 2740	4812	cmd.exe	128
PID 4812 wrote to memory of 2740	4812	cmd.exe	128
PID 3288 wrote to memory of 2816	3288	igdjolee1.exe	126
PID 3288 wrote to memory of 2816	3288	igdjolee1.exe	126
PID 3288 wrote to memory of 2816	3288	igdjolee1.exe	126
PID 3288 wrote to memory of 3924	3288	igdjolee1.exe	115

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
7076	attrib.exe
7156	attrib.exe
13652	Process not Found
12572	Process not Found
13568	Process not Found
11736	Process not Found
14668	Process not Found
13636	Process not Found
7204	Process not Found
11672	Process not Found
11048	Process not Found
8696	attrib.exe
8448	attrib.exe
10720	attrib.exe
2376	attrib.exe
11024	attrib.exe
12716	Process not Found
3232	Process not Found
12796	Process not Found
3572	attrib.exe
8588	attrib.exe
14004	Process not Found
13016	Process not Found
13180	Process not Found
11316	Process not Found
7648	attrib.exe
9960	Process not Found
5420	attrib.exe
6840	attrib.exe
7328	attrib.exe
8924	Process not Found
14152	Process not Found
6792	attrib.exe
8096	attrib.exe
12928	Process not Found
1364	attrib.exe
6364	attrib.exe
12192	Process not Found
11624	Process not Found
8376	Process not Found
13464	Process not Found
13724	Process not Found
11712	Process not Found
9460	attrib.exe
5952	attrib.exe
13532	Process not Found
12988	Process not Found
8640	Process not Found
5224	attrib.exe
5508	attrib.exe
5328	attrib.exe
7360	attrib.exe
12428	attrib.exe
12060	attrib.exe
13084	Process not Found
11136	Process not Found
13208	Process not Found
6624	attrib.exe
7740	attrib.exe
9504	attrib.exe
14060	Process not Found
8748	attrib.exe
11164	attrib.exe
11716	attrib.exe

C:\Users\Admin\AppData\Local\Temp\3df5a240490fdd11f45de6081ce700bd.exe
"C:\Users\Admin\AppData\Local\Temp\3df5a240490fdd11f45de6081ce700bd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240615437.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:436
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\3df5a240490fdd11f45de6081ce700bd.exe" -r -a -s -h
    3⤵
    PID:4884
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4140
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2364
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2652
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240615593.bat
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        Views/modifies file attributes
        
        PID:5508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        Executes dropped EXE
        
        PID:5304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:7792
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1004
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2608
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240615765.bat
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        11⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240637203.bat
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        Drops file in System32 directory
        
        PID:10096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2160
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3288
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        11⤵
        Executes dropped EXE
        
        PID:3924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240615953.bat
        12⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240637171.bat
        14⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        13⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        12⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        13⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616062.bat
        14⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        Views/modifies file attributes
        
        PID:5420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        Views/modifies file attributes
        
        PID:10720
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        14⤵
        Executes dropped EXE
        
        PID:1980
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        15⤵
        Executes dropped EXE
        
        PID:3936
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        16⤵
        Executes dropped EXE
        
        PID:1628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616546.bat
        17⤵
        
        PID:432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        17⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616593.bat
        18⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        18⤵
        Executes dropped EXE
        
        PID:3144
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        19⤵
        Executes dropped EXE
        
        PID:4836
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        20⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        21⤵
        Executes dropped EXE
        
        PID:4436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616781.bat
        22⤵
        Executes dropped EXE
        
        PID:4692
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        23⤵
        Executes dropped EXE
        
        PID:3156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        Views/modifies file attributes
        
        PID:7740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4088
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616734.bat
        21⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        22⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        22⤵
        Drops file in System32 directory
        
        PID:5544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        22⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        22⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        22⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        22⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616687.bat
        20⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        21⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        21⤵
        Drops file in System32 directory
        
        PID:5860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        21⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        22⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240637265.bat
        22⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        23⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        21⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        21⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        21⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        21⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616640.bat
        19⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        Drops file in System32 directory
        
        PID:10008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        20⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616468.bat
        16⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        Drops file in System32 directory
        
        PID:6884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        Views/modifies file attributes
        
        PID:7648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        17⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616093.bat
        15⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        17⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        18⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240635875.bat
        18⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        Drops file in System32 directory
        
        PID:7644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        Drops file in System32 directory
        
        PID:9968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        19⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240635843.bat
        17⤵
        Executes dropped EXE
        
        PID:5920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        Views/modifies file attributes
        
        PID:8748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        18⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        Drops file in System32 directory
        
        PID:5664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        16⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240616015.bat
        13⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        Drops file in System32 directory
        
        PID:7016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        Drops file in System32 directory
        
        PID:7288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        Views/modifies file attributes
        
        PID:11024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        15⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        14⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240615890.bat
        11⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240615828.bat
        10⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240615734.bat
        8⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240615656.bat
        7⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        Drops file in System32 directory
        
        PID:7292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:12000
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240615531.bat
      4⤵
      PID:3452
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:2628
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:4704
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:5556
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6156
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        Executes dropped EXE
        
        PID:6056
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:8044
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:8940
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        7⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240641250.bat
        7⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:9020
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240641359.bat
        6⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        Views/modifies file attributes
        
        PID:9460
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:9452
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:10492
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240645015.bat
        6⤵
        
        PID:10280
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:11420
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240615500.bat
    3⤵
    PID:2688
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:1864
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:3688
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:4988
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:224
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:5676
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6736
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6936
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7804
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8100
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9692
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8420
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:11680
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:10600
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240646015.bat
        5⤵
        
        PID:11664
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9900

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240615562.bat
1⤵
PID:3580
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:3628
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:1364
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5656
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6776
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6720
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7972
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240616828.bat
1⤵
PID:5024
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5276
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5524
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Drops file in System32 directory
  PID:5556
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:6812
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7788
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8752
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8760
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11452

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:4892
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  - Executes dropped EXE
  PID:716
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    - Executes dropped EXE
    PID:3648
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240617046.bat
    3⤵
    - Executes dropped EXE
    PID:5000
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:1760
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:5672
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Executes dropped EXE
      PID:1580
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6832
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6772
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6664
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7932
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8384
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11184
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240617000.bat
  2⤵
  PID:4984
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:5212
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:5952
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:6720
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:6704
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:8128
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8512
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8808
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11164
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:12876
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:8268
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9204
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:8364

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240616890.bat
1⤵
PID:4252
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:4064
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5700
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5512
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6676
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8032
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6284
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9044
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9512
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10080

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:4644
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    - Executes dropped EXE
    PID:3288
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:3620
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        Executes dropped EXE
        
        PID:2464
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240631734.bat
        7⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        7⤵
        Executes dropped EXE
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240631765.bat
        8⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        10⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240633000.bat
        11⤵
        
        PID:5660
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        12⤵
        Executes dropped EXE
        
        PID:5724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        11⤵
        
        PID:6056
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        11⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240632953.bat
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        8⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        9⤵
        Executes dropped EXE
        
        PID:5128
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        10⤵
        Executes dropped EXE
        
        PID:5252
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        11⤵
        Executes dropped EXE
        
        PID:5400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240631984.bat
        11⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        Executes dropped EXE
        
        PID:5996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        12⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240631921.bat
        10⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        11⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240631843.bat
        9⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        Views/modifies file attributes
        
        PID:6364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:9908
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240631671.bat
        6⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        Views/modifies file attributes
        
        PID:5328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:10800
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240631609.bat
        5⤵
        
        PID:2592
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:5220
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:6856
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:7012
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:7032
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9124
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:11104
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240631531.bat
      4⤵
      PID:2384
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:5428
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:5356
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6452
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:7772
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:10088
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:10776
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240631453.bat
    3⤵
    PID:3612
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:5224
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:5884
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:7000
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240636843.bat
        5⤵
        
        PID:6576
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:7232
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:7684
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        7⤵
        
        PID:8268
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:10620
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6752
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:8248
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:8420
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:11724
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6332
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7896
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7472
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9976
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11312
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240617171.bat
  2⤵
  PID:1908
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:5288
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:5408
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:9164
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:10140
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240643078.bat
        5⤵
        
        PID:9692
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:10048
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:12552
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240642953.bat
      4⤵
      PID:9876
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:10836
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:12340
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:5736
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7888
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10784

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240617093.bat
1⤵
PID:3408
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5664
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6164
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Drops file in System32 directory
  PID:6380
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6292
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7360
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9828
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Drops file in System32 directory
  PID:10168
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10492

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:5480
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:5724
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240632328.bat
    3⤵
    PID:5824
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:5800
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6768
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6736
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7052
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:6772
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240640828.bat
        6⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:12308
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8572
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:10736
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:12420
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    - Executes dropped EXE
    PID:5832
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      Executes dropped EXE
      PID:5968
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240632390.bat
      4⤵
      PID:5960
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        Executes dropped EXE
        
        PID:5240
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6744
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6932
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6628
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:8248
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:9628
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:8688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240632078.bat
  2⤵
  PID:5604
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:6840
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7032
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7472
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10096

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240632046.bat
1⤵
PID:5472
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5356
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5156
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6680
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7052
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8056
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9924
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9236
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11032

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:6052
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240632468.bat
  2⤵
  PID:6100
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:5688
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:2376
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:7076
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7752
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9236
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:8444
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11908
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:12168
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  - Executes dropped EXE
  PID:6136
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240632531.bat
    3⤵
    PID:4604
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4504
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:5656
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:5200
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:8096
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Drops file in System32 directory
      PID:8124
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9500
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:12800
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:5240
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      Executes dropped EXE
      PID:3696
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240632578.bat
      4⤵
      PID:5344
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6256
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6572
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:7840
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:8952
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:12672

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240632437.bat
1⤵
PID:6036
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5988
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:7156
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7248
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:8696
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8908
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10820
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Drops file in System32 directory
  PID:9236

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240632609.bat
1⤵
PID:5052
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5224
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5736
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6640
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7756
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8924
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11696

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:5368
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  - Executes dropped EXE
  PID:5492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240632703.bat
  2⤵
  PID:5572
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:6824
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:6624
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7872
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9052
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9724
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:11512

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240632640.bat
1⤵
PID:5460
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6540
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:3520
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6236
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8384
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9772

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:5228

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:5304

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:5848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240632812.bat
  2⤵
  PID:5672
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:6528
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7072
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:6644
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9052
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9952
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:8984
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  - Executes dropped EXE
  PID:6092
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:5996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240632859.bat
    3⤵
    PID:5260
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:6792
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7044
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7040
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9060
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9780
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9232
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:10300
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11188

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:6000
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:3572
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240633171.bat
    3⤵
    PID:5836
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6200
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:5840
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6152
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6200
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6200
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:12516
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    - Executes dropped EXE
    PID:3400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240633109.bat
  2⤵
  PID:5780
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4304
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7040
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:6584
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7748
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:9156
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240641453.bat
        5⤵
        
        PID:8596
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9960
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:9272
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        Drops file in System32 directory
        
        PID:9484
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240641734.bat
        6⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:12680
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240641421.bat
      4⤵
      PID:8932
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:9944
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:5408
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240642796.bat
        6⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:12780
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:12636
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10096
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10280
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:11260

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240633062.bat
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:3620
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6908
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7472
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8528
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8828
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:12620

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:5848
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:5920
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:6228
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:6320
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        Executes dropped EXE
        
        PID:6428
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240633453.bat
        5⤵
        
        PID:6416
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:6236
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        Views/modifies file attributes
        
        PID:7360
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:6228
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:8176
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9260
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:8572
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:8692
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9848
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240633406.bat
      4⤵
      PID:6308
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:6320
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240639640.bat
        6⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:7680
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240639750.bat
        7⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        9⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240645203.bat
        9⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        7⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240639390.bat
        8⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        10⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240639859.bat
        8⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        9⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        8⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:8412
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:7812
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:8980
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:12492
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240633359.bat
    3⤵
    PID:6220
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6788
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Drops file in System32 directory
      PID:6792
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8628
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:10724
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240633265.bat
  2⤵
  PID:6008
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:6972
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:6156
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240637421.bat
        5⤵
        
        PID:6940
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:5652
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9076
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9940
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:10532
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:6792
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:7188
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240637515.bat
        6⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:12704
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240637375.bat
      4⤵
      PID:6892
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:7284
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:7360
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:10324
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:5680
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7148
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9868
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:12052

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240633218.bat
1⤵
- Executes dropped EXE
PID:5364
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5680
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6088
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6532
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9360

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240633484.bat
1⤵
PID:6492
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Executes dropped EXE
  - Views/modifies file attributes
  PID:3572
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6896
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7748
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9036
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7896
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9356
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9984

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:6520
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:6880
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    - Executes dropped EXE
    PID:6924
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240635640.bat
    3⤵
    PID:6916
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:5152
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:6524
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240633531.bat
  2⤵
  PID:6648
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7148
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:5152
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:8376
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10496
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9240

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:5508

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240632781.bat
1⤵
PID:5908
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6808
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Executes dropped EXE
  PID:6880
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8000
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7680
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8340

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Executes dropped EXE
PID:5060

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240635796.bat
1⤵
- Executes dropped EXE
PID:5848
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:6164
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:5152
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9644
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9628
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11320

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:5328
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:5884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240636531.bat
  2⤵
  - Drops file in System32 directory
  PID:6408
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7576
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7376
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9828

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240636390.bat
1⤵
PID:5636
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7376
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8520
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9080
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10560

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:6736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240636937.bat
  2⤵
  PID:6280
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7328
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10040
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10216
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:7052
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:6456
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240637140.bat
      4⤵
      PID:6908
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:6896
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:7928
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:10316
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:5556
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:12628
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240636984.bat
    3⤵
    PID:6836
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:7900
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9172
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9600

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6152

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240636921.bat
1⤵
PID:7088
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7392
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10584
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9000
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:8588
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9980
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:12152

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:7520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240637765.bat
  2⤵
  PID:7604
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:7696
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9572
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:11248
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10880
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:7624
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:7864
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:7988
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        Drops file in System32 directory
        
        PID:8080
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240638281.bat
        7⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        8⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        7⤵
        
        PID:7508
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240638046.bat
        5⤵
        
        PID:8068
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:7904
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:8984
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:11260
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:11672
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240638000.bat
      4⤵
      PID:7980
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:8044
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:10696
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:11480
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240637890.bat
    3⤵
    PID:7824
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:7328
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:10092
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:10832

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240638125.bat
1⤵
PID:6372
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7692
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9916
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11224
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:10464
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240646359.bat
      4⤵
      PID:8420
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:9356
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:10676
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:9528
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:9800
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240646421.bat
        5⤵
        
        PID:11380
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240646265.bat
    3⤵
    PID:10852
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10884

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240637687.bat
1⤵
PID:7512
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7304
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7204
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11820

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:7448

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240637640.bat
1⤵
PID:7436
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9160
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9980

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:7288

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240637578.bat
1⤵
PID:7260
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7564
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10048
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:12536

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:7524
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:7820
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:6968
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:6984
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:6856
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240638671.bat
      4⤵
      PID:7364
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:6800
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:9940
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:11616
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240638562.bat
    3⤵
    PID:6208
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8608
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9984
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9672
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11344
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240638437.bat
  2⤵
  PID:7628
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9376

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240638343.bat
1⤵
PID:7344
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:6812
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8468
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9380
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10896
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11764

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:8076
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:7000
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:7324
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:8184
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:7192
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240639468.bat
        6⤵
        
        PID:8108
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        Views/modifies file attributes
        
        PID:8448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:10860
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        Executes dropped EXE
        
        PID:6320
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240639296.bat
      4⤵
      PID:5652
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:10280
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        5⤵
        
        PID:12044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240639078.bat
    3⤵
    PID:8032
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:8408
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:10228
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240639031.bat
  2⤵
  PID:8148
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:8632
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:8984
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:11708

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:7624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240638890.bat
1⤵
PID:8064
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9196
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:12904

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
- Executes dropped EXE
PID:6228

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Drops file in System32 directory
PID:7816

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240638843.bat
1⤵
PID:7652
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8860
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:7680
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11568

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:8800

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240640203.bat
1⤵
PID:8792
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9496
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10820
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11832

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:8240

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240640437.bat
1⤵
PID:6856
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10024
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:12664

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:8660
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:8860

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240640953.bat
1⤵
PID:8348
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:12428

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:8740

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:9308

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:9228

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:9636
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:9812
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:10056
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:8408
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240642328.bat
        5⤵
        
        PID:9440
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:11740
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:11424
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:7076
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:9608
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240642046.bat
    3⤵
    PID:9988
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      Drops file in System32 directory
      PID:5408
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11596
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240641984.bat
  2⤵
  PID:9804
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10728
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:9868

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240641843.bat
1⤵
PID:9612
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9872
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11544

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:9676

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
- Views/modifies file attributes
PID:9504

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:7908

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:8940

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240641281.bat
1⤵
PID:8648
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9308

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:9036

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:7748

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240641218.bat
1⤵
PID:6200
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9428

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:8668

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240641187.bat
1⤵
PID:9068
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9968

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6300

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:9356

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
- Drops file in System32 directory
PID:8448
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:8944
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240642578.bat
  2⤵
  PID:9576
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10344
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:12192

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:9620
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:9944
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240642718.bat
  2⤵
  PID:9220
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10256
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:12060

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240642656.bat
1⤵
PID:9716
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:9820
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:10584

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:9540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240643187.bat
  2⤵
  PID:10304
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:10332

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:10404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240643296.bat
  2⤵
  PID:10456
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:10900
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:12056
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:10536
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240643468.bat
    3⤵
    PID:10640
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:12464
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:10648
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:10852
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:10924
      - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        6⤵
        
        PID:11076
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240643750.bat
        6⤵
        
        PID:11068
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240643640.bat
        5⤵
        
        PID:10916
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        6⤵
        
        PID:9960
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240643593.bat
      4⤵
      PID:10844

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240643234.bat
1⤵
PID:10396
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:12688

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240643156.bat
1⤵
PID:9468
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:12316

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:8268
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:10520
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:10676
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:9832
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:9800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240644671.bat
    3⤵
    PID:8408
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:9960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240644625.bat
  2⤵
  PID:10228

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240642484.bat
1⤵
PID:9720
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:8892
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
  2⤵
  PID:11912

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:11156
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:10132
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:7748
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:8828
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:10976
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240644359.bat
        6⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
        7⤵
        
        PID:11356
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240644203.bat
      4⤵
      PID:9316
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240644031.bat
    3⤵
    PID:9704
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
      4⤵
      PID:11808
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240643875.bat
  2⤵
  PID:8292
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
    3⤵
    PID:11416
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:12016
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240646734.bat
      4⤵
      PID:11556

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240643781.bat
1⤵
PID:11148

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
- Views/modifies file attributes
PID:11164

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:10164

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:7472

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:7680

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:9020

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:11368

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:10620

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:10892

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:11224

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240646218.bat
1⤵
PID:11956
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:11208

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:7972

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:10968

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:10532

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
- Views/modifies file attributes
PID:11716

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:11724

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:11768

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240647109.bat
1⤵
PID:10944
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:10584

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:9020
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:10860
- - C:\Windows\SysWOW64\igdjolee1.exe
    C:\Windows\system32\igdjolee1.exe
    3⤵
    PID:12292
  - - C:\Windows\SysWOW64\igdjolee1.exe
      C:\Windows\system32\igdjolee1.exe
      4⤵
      PID:12400
    - - C:\Windows\SysWOW64\igdjolee1.exe
        
        C:\Windows\system32\igdjolee1.exe
        5⤵
        
        PID:12608
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240647500.bat
        5⤵
        
        PID:12600
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240647359.bat
      4⤵
      PID:12392
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240647250.bat
    3⤵
    PID:9240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240647171.bat
  2⤵
  - Drops file in System32 directory
  PID:7748

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:9524

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:12372

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:9428

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:12200

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:11908

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:10692

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240647015.bat
1⤵
PID:11796

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:10660

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240646890.bat
1⤵
PID:10040

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:11544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240646781.bat
1⤵
PID:11268

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:12148

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:12696

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:12988
- C:\Windows\SysWOW64\igdjolee1.exe
  C:\Windows\system32\igdjolee1.exe
  2⤵
  PID:13072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240647718.bat
  2⤵
  PID:13064

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240647671.bat
1⤵
PID:12980

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:13004

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:12868

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240647609.bat
1⤵
PID:12852

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:12544

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:11076

C:\Windows\SysWOW64\igdjolee1.exe
C:\Windows\system32\igdjolee1.exe
1⤵
PID:11416

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240646593.bat
1⤵
PID:11784

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\igdjolee1.exe" -r -a -s -h
1⤵
PID:10696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\CBAN240615437.bat

Filesize
290B

MD5
c87f11a89e5a9b8a5746b629ed9d6a61

SHA1
4dbe43c942cbcfe05ec8bf007fd8899a994356ca

SHA256
7651827b1f8f77d1be0940bc374f9e14a3658e0d11445bee80d0115a7646ae6c

SHA512
87b9316517c1f7936aafc6144498ca528dddc9f78e1feff4d08df2412eb7a534b60334ea5fef1d2e787615367fe841a035e9f48e4d0a9877dc3f2f02c66fb019

Download Submit
C:\CBAN240615562.bat

Filesize
179B

MD5
d13e086dde121cd045153f2e3b875d35

SHA1
00f41117bb979db4f12fe4bed38296fc4f06e7da

SHA256
c4f680ec51b63cf3022ba0962713df1cb69dd96e1490032a5292a63bf5844e46

SHA512
ea64fb0ffdd9bb7b9b62a4d518550606fa5aed96da7a849ea65564c25ba09dc17867ac62e5b9ca05f04dbde3c9258b0a9269903e3d34df0ae5a405ce58d2bd2a

Download Submit
C:\Windows\SysWOW64\igdjolee1.exe

Filesize
5KB

MD5
3df5a240490fdd11f45de6081ce700bd

SHA1
f44938d2c08aca417bc40a95e9cb55a677121ff5

SHA256
b93acbe956e13cf3c2f1c00e5fbe98c5fbb75a53ea83e7da848c0a70e9d308d6

SHA512
07d49108f9e57ac6bd18c9c9da1698791b063bcadac899004e7a77fa016fe4be3b50577c7a5ad01aa6c84059e1860ef7d19cdb5336a46ad906479da67ed4a3de

Download Submit