3beb594697f6b3b933436f318fb998484f6c0ea8f14e1d57cfd3fa720b614648

Analysis

max time kernel
143s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2024 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

453155d693c6842c17d85d53707c6b16.exe
Size

4KB
MD5

453155d693c6842c17d85d53707c6b16
SHA1

b3ce31e2d195055950b4beba26777028f0581d42
SHA256

3beb594697f6b3b933436f318fb998484f6c0ea8f14e1d57cfd3fa720b614648
SHA512

e154f526b69843a64b0ef2fbf32bc6706fcaf7b63580444cd936a39ba02647938640189f47d48e1c664e15e55a53abc818da7eacfd599571cea83fe1af6f1fb6
SSDEEP

48:kCsPwYV/q73bOrHGpNYa13ftGBrolZ1gbM1aTayiGNGNGNGNGNGNGNGx:kJ3pqjb4HGpPvtGBeV1aTaM0000000x

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
848	IGB_ZX_1015.exe
4160	IGB_ZX_1015.exe
4592	IGB_ZX_1015.exe
3608	IGB_ZX_1015.exe
4636	IGB_ZX_1015.exe
1580	IGB_ZX_1015.exe
4444	IGB_ZX_1015.exe
4536	IGB_ZX_1015.exe
4676	IGB_ZX_1015.exe
1912	IGB_ZX_1015.exe
116	IGB_ZX_1015.exe
1776	IGB_ZX_1015.exe
1900	IGB_ZX_1015.exe
3328	IGB_ZX_1015.exe
4412	IGB_ZX_1015.exe
4756	IGB_ZX_1015.exe
3004	IGB_ZX_1015.exe
5108	IGB_ZX_1015.exe
4464	IGB_ZX_1015.exe
3980	IGB_ZX_1015.exe
2020	IGB_ZX_1015.exe
988	IGB_ZX_1015.exe
3616	IGB_ZX_1015.exe
732	IGB_ZX_1015.exe
4284	IGB_ZX_1015.exe
1904	IGB_ZX_1015.exe
3948	IGB_ZX_1015.exe
4052	IGB_ZX_1015.exe
3384	IGB_ZX_1015.exe
4252	IGB_ZX_1015.exe
4428	IGB_ZX_1015.exe
3784	Conhost.exe
3948	IGB_ZX_1015.exe
5372	IGB_ZX_1015.exe
5644	IGB_ZX_1015.exe
5772	attrib.exe
5828	IGB_ZX_1015.exe
5896	IGB_ZX_1015.exe
5960	IGB_ZX_1015.exe
6024	IGB_ZX_1015.exe
6104	IGB_ZX_1015.exe
5160	IGB_ZX_1015.exe
5772	attrib.exe
6012	IGB_ZX_1015.exe
5852	cmd.exe
6000	IGB_ZX_1015.exe
6208	IGB_ZX_1015.exe
6316	IGB_ZX_1015.exe
6400	cmd.exe
6500	IGB_ZX_1015.exe
6744	IGB_ZX_1015.exe
6868	IGB_ZX_1015.exe
6992	Conhost.exe
7080	IGB_ZX_1015.exe
7144	IGB_ZX_1015.exe
6252	IGB_ZX_1015.exe
6236	IGB_ZX_1015.exe
5320	IGB_ZX_1015.exe
5452	IGB_ZX_1015.exe
6060	Conhost.exe
6744	IGB_ZX_1015.exe
6868	IGB_ZX_1015.exe
6484	Conhost.exe
6276	IGB_ZX_1015.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Conhost.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	cmd.exe
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	453155d693c6842c17d85d53707c6b16.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Conhost.exe
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Conhost.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	cmd.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Conhost.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Conhost.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Conhost.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	cmd.exe
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Conhost.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	Process not Found
File created	C:\Windows\SysWOW64\IGB_ZX_1015.exe	IGB_ZX_1015.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGB_ZX_1015.exe	attrib.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
10676	11456	Process not Found	1974

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 1972	3360	453155d693c6842c17d85d53707c6b16.exe	93
PID 3360 wrote to memory of 1972	3360	453155d693c6842c17d85d53707c6b16.exe	93
PID 3360 wrote to memory of 1972	3360	453155d693c6842c17d85d53707c6b16.exe	93
PID 3360 wrote to memory of 848	3360	453155d693c6842c17d85d53707c6b16.exe	94
PID 3360 wrote to memory of 848	3360	453155d693c6842c17d85d53707c6b16.exe	94
PID 3360 wrote to memory of 848	3360	453155d693c6842c17d85d53707c6b16.exe	94
PID 848 wrote to memory of 1220	848	IGB_ZX_1015.exe	95
PID 848 wrote to memory of 1220	848	IGB_ZX_1015.exe	95
PID 848 wrote to memory of 1220	848	IGB_ZX_1015.exe	95
PID 848 wrote to memory of 4160	848	IGB_ZX_1015.exe	96
PID 848 wrote to memory of 4160	848	IGB_ZX_1015.exe	96
PID 848 wrote to memory of 4160	848	IGB_ZX_1015.exe	96
PID 4160 wrote to memory of 4652	4160	IGB_ZX_1015.exe	99
PID 4160 wrote to memory of 4652	4160	IGB_ZX_1015.exe	99
PID 4160 wrote to memory of 4652	4160	IGB_ZX_1015.exe	99
PID 4160 wrote to memory of 4592	4160	IGB_ZX_1015.exe	100
PID 4160 wrote to memory of 4592	4160	IGB_ZX_1015.exe	100
PID 4160 wrote to memory of 4592	4160	IGB_ZX_1015.exe	100
PID 4592 wrote to memory of 3632	4592	IGB_ZX_1015.exe	102
PID 4592 wrote to memory of 3632	4592	IGB_ZX_1015.exe	102
PID 4592 wrote to memory of 3632	4592	IGB_ZX_1015.exe	102
PID 4592 wrote to memory of 3608	4592	IGB_ZX_1015.exe	103
PID 4592 wrote to memory of 3608	4592	IGB_ZX_1015.exe	103
PID 4592 wrote to memory of 3608	4592	IGB_ZX_1015.exe	103
PID 3608 wrote to memory of 5052	3608	IGB_ZX_1015.exe	105
PID 3608 wrote to memory of 5052	3608	IGB_ZX_1015.exe	105
PID 3608 wrote to memory of 5052	3608	IGB_ZX_1015.exe	105
PID 3608 wrote to memory of 4636	3608	IGB_ZX_1015.exe	104
PID 3608 wrote to memory of 4636	3608	IGB_ZX_1015.exe	104
PID 3608 wrote to memory of 4636	3608	IGB_ZX_1015.exe	104
PID 4636 wrote to memory of 5012	4636	IGB_ZX_1015.exe	108
PID 4636 wrote to memory of 5012	4636	IGB_ZX_1015.exe	108
PID 4636 wrote to memory of 5012	4636	IGB_ZX_1015.exe	108
PID 4636 wrote to memory of 1580	4636	IGB_ZX_1015.exe	109
PID 4636 wrote to memory of 1580	4636	IGB_ZX_1015.exe	109
PID 4636 wrote to memory of 1580	4636	IGB_ZX_1015.exe	109
PID 1580 wrote to memory of 1992	1580	IGB_ZX_1015.exe	111
PID 1580 wrote to memory of 1992	1580	IGB_ZX_1015.exe	111
PID 1580 wrote to memory of 1992	1580	IGB_ZX_1015.exe	111
PID 1580 wrote to memory of 4444	1580	IGB_ZX_1015.exe	112
PID 1580 wrote to memory of 4444	1580	IGB_ZX_1015.exe	112
PID 1580 wrote to memory of 4444	1580	IGB_ZX_1015.exe	112
PID 4444 wrote to memory of 4700	4444	IGB_ZX_1015.exe	116
PID 4444 wrote to memory of 4700	4444	IGB_ZX_1015.exe	116
PID 4444 wrote to memory of 4700	4444	IGB_ZX_1015.exe	116
PID 4444 wrote to memory of 4536	4444	IGB_ZX_1015.exe	115
PID 4444 wrote to memory of 4536	4444	IGB_ZX_1015.exe	115
PID 4444 wrote to memory of 4536	4444	IGB_ZX_1015.exe	115
PID 4536 wrote to memory of 2992	4536	IGB_ZX_1015.exe	119
PID 4536 wrote to memory of 2992	4536	IGB_ZX_1015.exe	119
PID 4536 wrote to memory of 2992	4536	IGB_ZX_1015.exe	119
PID 4536 wrote to memory of 4676	4536	IGB_ZX_1015.exe	117
PID 4536 wrote to memory of 4676	4536	IGB_ZX_1015.exe	117
PID 4536 wrote to memory of 4676	4536	IGB_ZX_1015.exe	117
PID 4676 wrote to memory of 2928	4676	IGB_ZX_1015.exe	120
PID 4676 wrote to memory of 2928	4676	IGB_ZX_1015.exe	120
PID 4676 wrote to memory of 2928	4676	IGB_ZX_1015.exe	120
PID 4676 wrote to memory of 1912	4676	IGB_ZX_1015.exe	121
PID 4676 wrote to memory of 1912	4676	IGB_ZX_1015.exe	121
PID 4676 wrote to memory of 1912	4676	IGB_ZX_1015.exe	121
PID 1912 wrote to memory of 1800	1912	IGB_ZX_1015.exe	124
PID 1912 wrote to memory of 1800	1912	IGB_ZX_1015.exe	124
PID 1912 wrote to memory of 1800	1912	IGB_ZX_1015.exe	124
PID 1912 wrote to memory of 116	1912	IGB_ZX_1015.exe	123

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
13572	Process not Found
13136	Process not Found
5324	attrib.exe
9184	attrib.exe
12572	Process not Found
8172	attrib.exe
7372	attrib.exe
5380	attrib.exe
9652	attrib.exe
11144	attrib.exe
12056	attrib.exe
11704	Process not Found
13276	Process not Found
9236	Process not Found
8656	attrib.exe
7332	attrib.exe
7320	attrib.exe
5272	attrib.exe
9220	attrib.exe
8940	attrib.exe
10628	Process not Found
1536	Process not Found
13612	Process not Found
5132	attrib.exe
5284	attrib.exe
8896	attrib.exe
10932	attrib.exe
13376	Process not Found
5364	attrib.exe
5332	attrib.exe
8920	attrib.exe
13088	Process not Found
6052	attrib.exe
6224	attrib.exe
11176	attrib.exe
13348	Process not Found
13960	Process not Found
11708	Process not Found
12216	Process not Found
9756	attrib.exe
9152	attrib.exe
11276	Process not Found
11992	Process not Found
5576	attrib.exe
6692	attrib.exe
9572	attrib.exe
11232	attrib.exe
9852	Process not Found
5196	attrib.exe
7820	attrib.exe
8880	attrib.exe
8724	attrib.exe
13308	Process not Found
13496	Process not Found
12680	Process not Found
6640	attrib.exe
9232	attrib.exe
12320	Process not Found
13068	Process not Found
11028	attrib.exe
10620	attrib.exe
11156	Process not Found
8620	attrib.exe
10260	attrib.exe

C:\Users\Admin\AppData\Local\Temp\453155d693c6842c17d85d53707c6b16.exe
"C:\Users\Admin\AppData\Local\Temp\453155d693c6842c17d85d53707c6b16.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240667656.bat
  2⤵
  PID:1972
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\453155d693c6842c17d85d53707c6b16.exe" -r -a -s -h
    3⤵
    PID:5340
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:848
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240669484.bat
    3⤵
    PID:1220
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:5276
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:6056
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:8180
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:8908
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:6680
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4160
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240669593.bat
      4⤵
      PID:4652
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:5260
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:5304
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:5188
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:6588
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:10480
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4592
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240669625.bat
        5⤵
        
        PID:3632
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5356
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5268
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:7524
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5336
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:9304
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:10660
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5272
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3608
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240669734.bat
        7⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240685859.bat
        9⤵
        
        PID:7760
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240669765.bat
        8⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4444
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4536
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670031.bat
        11⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        Views/modifies file attributes
        
        PID:5324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        Drops file in System32 directory
        
        PID:8856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1912
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        12⤵
        Executes dropped EXE
        
        PID:116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670093.bat
        13⤵
        
        PID:928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        Views/modifies file attributes
        
        PID:8940
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        13⤵
        Executes dropped EXE
        
        PID:1776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670062.bat
        12⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:5308
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:6060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:8824
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        14⤵
        Drops file in System32 directory
        
        PID:8528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240669875.bat
        10⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240669812.bat
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:11048
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240669640.bat
        6⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:10472

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1900
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240670203.bat
  2⤵
  PID:1576
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:5284
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:5272
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:7320
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:8600
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:1328
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240670265.bat
    3⤵
    PID:4872
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:5332
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:6232
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:6944
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:8888
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:10256
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:10620
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11932
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    - Executes dropped EXE
    PID:4412
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      Executes dropped EXE
      PID:4756
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        Executes dropped EXE
        
        PID:3004
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        Executes dropped EXE
        
        PID:5108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670484.bat
        7⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        Views/modifies file attributes
        
        PID:7820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4464
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        Executes dropped EXE
        
        PID:3980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670578.bat
        9⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        Executes dropped EXE
        
        PID:2020
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        10⤵
        Executes dropped EXE
        
        PID:988
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670937.bat
        11⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        Drops file in System32 directory
        
        PID:5248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        11⤵
        Executes dropped EXE
        
        PID:3616
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:732
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        13⤵
        Executes dropped EXE
        
        PID:4284
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        14⤵
        Executes dropped EXE
        
        PID:1904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672328.bat
        15⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        15⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672375.bat
        16⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        Views/modifies file attributes
        
        PID:5132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        Views/modifies file attributes
        
        PID:6692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        16⤵
        Executes dropped EXE
        
        PID:4052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672421.bat
        17⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        Views/modifies file attributes
        
        PID:6052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        17⤵
        Executes dropped EXE
        
        PID:3384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672484.bat
        18⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        18⤵
        Executes dropped EXE
        
        PID:4252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672515.bat
        19⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672562.bat
        20⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        Drops file in System32 directory
        
        PID:5256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        20⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        21⤵
        Executes dropped EXE
        
        PID:3948
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        22⤵
        Executes dropped EXE
        
        PID:5372
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        23⤵
        Executes dropped EXE
        
        PID:5644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240673359.bat
        24⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        25⤵
        Views/modifies file attributes
        
        PID:6224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        25⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        25⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        25⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        25⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        25⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        25⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        24⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240673390.bat
        25⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        26⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        26⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        26⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        26⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        26⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        26⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        25⤵
        Executes dropped EXE
        
        PID:5828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240673421.bat
        26⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        27⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        27⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        27⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        27⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        27⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        27⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        26⤵
        Executes dropped EXE
        
        PID:5896
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        27⤵
        Executes dropped EXE
        
        PID:5960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240673500.bat
        28⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        29⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        29⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        29⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        30⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240678062.bat
        30⤵
        Drops file in System32 directory
        
        PID:7632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        31⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        31⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        31⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        31⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        29⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        29⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        29⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        29⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        28⤵
        Executes dropped EXE
        
        PID:6024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240673468.bat
        27⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        28⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        28⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        28⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        28⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        28⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        28⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        28⤵
        Views/modifies file attributes
        
        PID:11232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240673296.bat
        23⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        24⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        24⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        24⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        24⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        24⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        24⤵
        Views/modifies file attributes
        
        PID:11144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        24⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672671.bat
        22⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        23⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        23⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        23⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        23⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        23⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        23⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672609.bat
        21⤵
        
        PID:2584
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        22⤵
        Executes dropped EXE
        
        PID:3784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        22⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        22⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        22⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        22⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        22⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        22⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240672296.bat
        14⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        Views/modifies file attributes
        
        PID:7372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240671859.bat
        13⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240671562.bat
        12⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670734.bat
        10⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670515.bat
        8⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        Views/modifies file attributes
        
        PID:5364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:10340
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670421.bat
        6⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        Views/modifies file attributes
        
        PID:9652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:11464
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240670375.bat
        5⤵
        
        PID:2116
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5316
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5628
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240679750.bat
        7⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240679843.bat
        8⤵
        
        PID:8328
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        9⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        10⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        11⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        12⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        13⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240680328.bat
        13⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        14⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240680218.bat
        12⤵
        
        PID:5544
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        13⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        14⤵
        Drops file in System32 directory
        
        PID:10236
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        15⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        16⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        17⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        18⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240687375.bat
        18⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240687046.bat
        17⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240686765.bat
        16⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240686578.bat
        15⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240680125.bat
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        Drops file in System32 directory
        
        PID:9888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240680078.bat
        10⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        Views/modifies file attributes
        
        PID:8620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240679937.bat
        9⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:12280
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:7860
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:10316
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:11940
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240670328.bat
      4⤵
      PID:4448
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        Views/modifies file attributes
        
        PID:5380
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:5512
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8188
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9024
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9852
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:10468

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240670125.bat
1⤵
PID:3064
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:5196
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:6224
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:7300
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8272
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:5240
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9680

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
- Executes dropped EXE
PID:6104
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240673640.bat
    3⤵
    PID:5832
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:6376
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:5652
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:7304
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:8896
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:7568
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11832
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:5772
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240673703.bat
      4⤵
      PID:5948
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:6632
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:6348
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        Views/modifies file attributes
        
        PID:8172
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:8656
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8780
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:10256
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      Executes dropped EXE
      PID:6012
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:5852
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240673937.bat
        5⤵
        
        PID:6136
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        Views/modifies file attributes
        
        PID:6640
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5164
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:7724
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:4780
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:10272
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240673578.bat
  2⤵
  PID:1272
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:6584
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:1448
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:5272
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:7436
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:10280

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240673546.bat
1⤵
PID:6096
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:6592
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:6892
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:6552
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5228
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:7416
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8940
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8012

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
- Executes dropped EXE
PID:6000
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  - Executes dropped EXE
  PID:6208
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    - Executes dropped EXE
    PID:6316
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240674109.bat
      4⤵
      PID:6356
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:6768
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:6640
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8888
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:10172
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:11176
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9864
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:6400
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        Executes dropped EXE
        
        PID:6500
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675031.bat
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        Views/modifies file attributes
        
        PID:9220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        Executes dropped EXE
        
        PID:7080
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        10⤵
        Executes dropped EXE
        
        PID:7144
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675093.bat
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        Views/modifies file attributes
        
        PID:5576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240674984.bat
        8⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240674921.bat
        7⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:9096
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240674484.bat
        6⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676093.bat
        8⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        Drops file in System32 directory
        
        PID:7208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:10608
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240674218.bat
        5⤵
        
        PID:6492
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:6752
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:7060
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:6280
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:6836
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:5296
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:8028
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:8876
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:8804
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        Views/modifies file attributes
        
        PID:9572
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:10012
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:11112
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:10916
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240674062.bat
    3⤵
    PID:6308
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:6816
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:6888
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      Executes dropped EXE
      PID:5772
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:5484
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240674031.bat
  2⤵
  PID:6200
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:6760
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:5724
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:7180
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:7832
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240678265.bat
      4⤵
      Drops file in System32 directory
      PID:7524
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8336
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9824
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9744
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:7996
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:8972
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11160
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:10432

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240673968.bat
1⤵
PID:3640
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:6624
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:5600
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8864
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10148
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9532
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10576

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240675156.bat
1⤵
- Executes dropped EXE
PID:5852
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:5332
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    - Executes dropped EXE
    PID:3948
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:6056
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:5592
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676703.bat
        7⤵
        
        PID:5692
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        Views/modifies file attributes
        
        PID:9232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        Views/modifies file attributes
        
        PID:7332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        10⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        12⤵
        Drops file in System32 directory
        
        PID:7428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240677078.bat
        12⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676984.bat
        11⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676859.bat
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676796.bat
        9⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676765.bat
        8⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:7996
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676656.bat
        6⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:8724
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676609.bat
        5⤵
        
        PID:6880
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:8324
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:9684
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:7320
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:11436
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240676562.bat
      4⤵
      PID:6552
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:7592
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9056
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:10084
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8460
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240676375.bat
    3⤵
    PID:6920
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:7996
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:8900
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9744
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8132
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:3224
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  - Drops file in System32 directory
  PID:6020
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11548

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
- Executes dropped EXE
PID:6252
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  - Executes dropped EXE
  PID:6236
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    - Executes dropped EXE
    PID:5320
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      Executes dropped EXE
      PID:5452
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:6060
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:6744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675703.bat
        7⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        Views/modifies file attributes
        
        PID:8724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        Executes dropped EXE
        
        PID:6868
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        Executes dropped EXE
        
        PID:6276
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        10⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        11⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675984.bat
        12⤵
        
        PID:5460
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        13⤵
        Executes dropped EXE
        
        PID:6484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        13⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        12⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        13⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        14⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        15⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        16⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676312.bat
        16⤵
        
        PID:5140
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        17⤵
        Drops file in System32 directory
        
        PID:5164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240680640.bat
        18⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        18⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676265.bat
        15⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        16⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        17⤵
        Drops file in System32 directory
        
        PID:7656
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        18⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        19⤵
        Drops file in System32 directory
        
        PID:10488
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        20⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        21⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        22⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        23⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        24⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240685765.bat
        24⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240685625.bat
        23⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240685484.bat
        22⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        23⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240685296.bat
        21⤵
        
        PID:9384
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        22⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        22⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240685203.bat
        20⤵
        
        PID:9692
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        21⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        21⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240685015.bat
        19⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        20⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240684921.bat
        18⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240684875.bat
        17⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240676187.bat
        14⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        16⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        17⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        18⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240679546.bat
        18⤵
        
        PID:7572
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        19⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        19⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240679515.bat
        17⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240679484.bat
        16⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        18⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        17⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        15⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675906.bat
        11⤵
        
        PID:6748
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        12⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        12⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675875.bat
        10⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675781.bat
        9⤵
        Executes dropped EXE
        
        PID:6400
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        Drops file in System32 directory
        
        PID:5252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        11⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675750.bat
        8⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:11152
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:11244
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675640.bat
        6⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:8064
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240675484.bat
        5⤵
        
        PID:5716
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:7192
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:8188
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        Views/modifies file attributes
        
        PID:9152
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:8064
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240675390.bat
      4⤵
      PID:5488
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:5936
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:5204
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:7328
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:7728
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:7436
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8116
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8708
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:7664
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:10264
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:11876
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240675265.bat
    3⤵
    PID:5552
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      Drops file in System32 directory
      PID:6624
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:8940
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:10184
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9508
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240675203.bat
  2⤵
  PID:6488
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    - Drops file in System32 directory
    PID:7264
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:8880
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:9380
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    - Views/modifies file attributes
    PID:10260
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11532

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:6752

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:5512

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:5388

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:7612
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:7720
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:7796
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:7932
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:8016
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        
        PID:8108
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240677500.bat
        6⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        Views/modifies file attributes
        
        PID:5272
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240677406.bat
      4⤵
      PID:7920
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:7828
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9288
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:7368
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        Views/modifies file attributes
        
        PID:11176
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240677328.bat
    3⤵
    PID:7788
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:7724
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:8116
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9712
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11256
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:10620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240677296.bat
  2⤵
  PID:7712
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:9028
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:9824
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:10984
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11164

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240677203.bat
1⤵
PID:7600
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:7508
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8208
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11104
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11252

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240677453.bat
1⤵
PID:7988
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:7780
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:7328
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10560

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:7556
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:7180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240678203.bat
  2⤵
  PID:7644
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:9180
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:6680
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11128
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:12224

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240678343.bat
1⤵
PID:8240
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8208
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:4788
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9964

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:8252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240678406.bat
  2⤵
  PID:8300
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:7232
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:10096
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:5652
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11864
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:8352
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:8416
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240678468.bat
    3⤵
    PID:8408
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:7304
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:10232
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9444

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:7880

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240678312.bat
1⤵
PID:7456
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:7656
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8584
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10152
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11368

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240678109.bat
1⤵
PID:6640
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8988
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:5652
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10384

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:7544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240677843.bat
1⤵
PID:7588
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:8920
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9676
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:10932
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10272

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:8488
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:8636
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240678718.bat
    3⤵
    PID:8728
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:7292
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9212
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240678578.bat
  2⤵
  PID:8628
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:8924
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    - Drops file in System32 directory
    PID:8332
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11652

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240678500.bat
1⤵
PID:8476
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:5628
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8892
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:2084
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11632

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:8200
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:8492
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:8532
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240679359.bat
      4⤵
      PID:5576
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8764
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:7436
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        Views/modifies file attributes
        
        PID:11028
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:8140
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240679312.bat
    3⤵
    PID:8676
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:9756
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9212
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240679218.bat
  2⤵
  PID:8616
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:9764
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:1448
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11556

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:7912
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:3224
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240679687.bat
  2⤵
  PID:7300
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:8880
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11136
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11980

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240679593.bat
1⤵
PID:7680
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9476
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:8928
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:220
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:9256
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        10⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240683656.bat
        11⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        11⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240683562.bat
        10⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        11⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240683468.bat
        9⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240683265.bat
        8⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240683156.bat
        7⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10028
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240683109.bat
        6⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:11128
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240682968.bat
        5⤵
        
        PID:9120
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:9652
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:8148
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:6680
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240682937.bat
      4⤵
      PID:2776
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:11012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240682812.bat
    3⤵
    PID:7196
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:8860
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:9888
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11168
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9868

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240679156.bat
1⤵
- Drops file in System32 directory
PID:5468
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9556
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11008
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11328

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:9004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240678968.bat
1⤵
PID:8996
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8712
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10036
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:8888

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:8916

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240678859.bat
1⤵
PID:8840
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  - Views/modifies file attributes
  PID:9184
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9316

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:8988

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:6992

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:9360
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:9504
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240680781.bat
  2⤵
  PID:9496
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:5240
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:10924

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240680718.bat
1⤵
PID:9348
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10028
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  - Drops file in System32 directory
  PID:8188

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:2988
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:8948

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240680515.bat
1⤵
PID:7392
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10092
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10396

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240680875.bat
1⤵
PID:9620
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10160
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11248

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:9660
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:9744
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240681046.bat
    3⤵
    PID:9856
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      Views/modifies file attributes
      PID:8880
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:9884
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240681265.bat
      4⤵
      PID:10116
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:8208
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:11184
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:10128
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240681375.bat
        5⤵
        
        PID:10224
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        Drops file in System32 directory
        
        PID:8736
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        Views/modifies file attributes
        
        PID:7320
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:10236
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        7⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        8⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240681859.bat
        9⤵
        
        PID:10132
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        10⤵
        Drops file in System32 directory
        
        PID:9520
        
        C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        9⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240681687.bat
        8⤵
        
        PID:9416
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        9⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        9⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240681640.bat
        7⤵
        
        PID:9668
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        8⤵
        Views/modifies file attributes
        
        PID:12056
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240681437.bat
        6⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:10076
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240680953.bat
  2⤵
  PID:9736
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:9600
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      Drops file in System32 directory
      PID:10356

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:7916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240682234.bat
  2⤵
  PID:8060
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11248
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:11040
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:9692
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:9196
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:8556
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:7852
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240682406.bat
      4⤵
      PID:5588
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:9344
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:11992
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240682312.bat
    3⤵
    PID:6720
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:9180
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11184
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11188

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240682015.bat
1⤵
PID:9044
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9592
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7568
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10968

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:10204

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240681921.bat
1⤵
PID:2988
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10968
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11600

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240682500.bat
1⤵
PID:9892
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9192

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240682546.bat
1⤵
PID:9188
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5204
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:1408

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240682625.bat
1⤵
PID:10188
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10408
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10408

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:9256
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:9388
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240682750.bat
    3⤵
    PID:10172
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:10572
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:9476

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:9576
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:10300
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    - Drops file in System32 directory
    PID:9980
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:11204
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:10452
      - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        6⤵
        
        PID:10248
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240684765.bat
        6⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        7⤵
        
        PID:12032
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240684484.bat
        5⤵
        
        PID:9608
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        6⤵
        
        PID:11276
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240684421.bat
      4⤵
      PID:11060
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
        5⤵
        
        PID:11336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240684328.bat
    3⤵
    PID:9340
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
      4⤵
      PID:11284
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240684203.bat
  2⤵
  PID:10092
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:9552
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:3224

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240684093.bat
1⤵
PID:7728
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:10380
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:9700
- C:\Windows\SysWOW64\attrib.exe
  attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
  2⤵
  PID:11004

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:220

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:8928

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:8940

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
- Drops file in System32 directory
PID:11920
- C:\Windows\SysWOW64\IGB_ZX_1015.exe
  C:\Windows\system32\IGB_ZX_1015.exe
  2⤵
  PID:12012
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:12252
  - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
      C:\Windows\system32\IGB_ZX_1015.exe
      4⤵
      PID:10384
    - - C:\Windows\SysWOW64\IGB_ZX_1015.exe
        
        C:\Windows\system32\IGB_ZX_1015.exe
        5⤵
        
        PID:12012
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\CBAN240688328.bat
        5⤵
        
        PID:12016
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\CBAN240688140.bat
      4⤵
      PID:4788
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:4780
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240687843.bat
    3⤵
    PID:12244
- - C:\Windows\SysWOW64\IGB_ZX_1015.exe
    C:\Windows\system32\IGB_ZX_1015.exe
    3⤵
    PID:11472
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\CBAN240688531.bat
    3⤵
    PID:12236
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\CBAN240687531.bat
  2⤵
  PID:12000
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\SysWOW64\IGB_ZX_1015.exe" -r -a -s -h
    3⤵
    PID:5652

C:\Windows\SysWOW64\IGB_ZX_1015.exe
C:\Windows\system32\IGB_ZX_1015.exe
1⤵
PID:10544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240688609.bat
1⤵
PID:12128

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:7496

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\CBAN240687453.bat
1⤵
PID:11912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\CBAN240667656.bat

Filesize
290B

MD5
6e187e12fb89630037553d06ac8915a6

SHA1
f9d6fded85faa66518e5bfa17176462611379edc

SHA256
4e4474c3549463f7bbd4f7642aeb3f6847997df794d8533fbb45e40dfe4435d1

SHA512
6e4df367049d5137f419c1e5b3373bf9967532c2288740f7bcad63d97a2e020f112f6b70a86c27c9fd8c8d92470aaf45103d6af08bb5d2418bd4013ed1615d13

Download Submit
C:\CBAN240669625.bat

Filesize
185B

MD5
5b5b726da9a95c4bb1b1abd4e8dacecd

SHA1
64388a073a1582acf4397d50e5a965e6ee4b27a3

SHA256
16120e01d49ca8528742979e566a4dccbe1e58d65f56ea9f5e20a3232548c030

SHA512
6912ec63f5ce3166b223faacc60878747cb0b69db7c254d4a962a55ca983859434a51f259181131b773a247fabcebb227093bc019443abfe07e111dce83f1041

Download Submit
C:\Windows\SysWOW64\IGB_ZX_1015.exe

Filesize
4KB

MD5
453155d693c6842c17d85d53707c6b16

SHA1
b3ce31e2d195055950b4beba26777028f0581d42

SHA256
3beb594697f6b3b933436f318fb998484f6c0ea8f14e1d57cfd3fa720b614648

SHA512
e154f526b69843a64b0ef2fbf32bc6706fcaf7b63580444cd936a39ba02647938640189f47d48e1c664e15e55a53abc818da7eacfd599571cea83fe1af6f1fb6

Download Submit