a0a9c38213d1740dcf9f2b9484fc1ec0c6f9c99180b7eaea9e1d4a9021832c68

Analysis

max time kernel
47s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe
Size

4KB
MD5

e9e547588e033e711dcca4fd1dd63784
SHA1

c45eb0287578698d2a77afa6daf4c0099c7f92cc
SHA256

a0a9c38213d1740dcf9f2b9484fc1ec0c6f9c99180b7eaea9e1d4a9021832c68
SHA512

d005cbb6383a1b34314ac44606f4c56503ca7fbeccfe301d6428d37c8d78ed2fc334ba4dd1d65356709a1d07b487ec0f5232fc17cb7cb2179e6b300d0187d5c7
SSDEEP

48:kbsAG5Ib+QI84T28RjJFORaf9lAsvDStdAK01gbM1aTayi7N7N7N7N7N7N7N7x:knkI23yu+RaFWsbUqV1aTap

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3060	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2504	IGBWD1033.exe
1328	IGBWD1033.exe
1724	IGBWD1033.exe
2452	IGBWD1033.exe
1180	IGBWD1033.exe
2604	IGBWD1033.exe
240	IGBWD1033.exe
1960	IGBWD1033.exe
776	IGBWD1033.exe
988	IGBWD1033.exe
2836	IGBWD1033.exe
2028	IGBWD1033.exe
2140	IGBWD1033.exe
2240	IGBWD1033.exe
2176	IGBWD1033.exe
2852	IGBWD1033.exe
2556	IGBWD1033.exe
2712	IGBWD1033.exe
3024	IGBWD1033.exe
616	IGBWD1033.exe
112	IGBWD1033.exe
2080	IGBWD1033.exe
2072	IGBWD1033.exe
992	IGBWD1033.exe
2584	IGBWD1033.exe
2688	IGBWD1033.exe
2724	IGBWD1033.exe
3024	IGBWD1033.exe
2592	IGBWD1033.exe
616	IGBWD1033.exe
2624	IGBWD1033.exe
2152	IGBWD1033.exe
1160	IGBWD1033.exe
2956	IGBWD1033.exe
1860	IGBWD1033.exe
2284	IGBWD1033.exe
2240	IGBWD1033.exe
984	IGBWD1033.exe
1548	IGBWD1033.exe
2424	IGBWD1033.exe
1796	IGBWD1033.exe
2460	IGBWD1033.exe
2084	IGBWD1033.exe
1596	IGBWD1033.exe
2284	IGBWD1033.exe
2168	IGBWD1033.exe
2008	IGBWD1033.exe
540	IGBWD1033.exe
2748	IGBWD1033.exe
1072	IGBWD1033.exe
1372	IGBWD1033.exe
2500	IGBWD1033.exe
2244	IGBWD1033.exe
2724	IGBWD1033.exe
320	IGBWD1033.exe
2072	IGBWD1033.exe
1508	IGBWD1033.exe
2460	IGBWD1033.exe
2960	IGBWD1033.exe
2460	IGBWD1033.exe
3092	IGBWD1033.exe
3176	IGBWD1033.exe
3236	IGBWD1033.exe
3304	IGBWD1033.exe

Loads dropped DLL 64 IoCs

pid	Process
2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe
2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe
2504	IGBWD1033.exe
2504	IGBWD1033.exe
1328	IGBWD1033.exe
1328	IGBWD1033.exe
1724	IGBWD1033.exe
1724	IGBWD1033.exe
2452	IGBWD1033.exe
2452	IGBWD1033.exe
1180	IGBWD1033.exe
1180	IGBWD1033.exe
2604	IGBWD1033.exe
2604	IGBWD1033.exe
240	IGBWD1033.exe
240	IGBWD1033.exe
1960	IGBWD1033.exe
1960	IGBWD1033.exe
776	IGBWD1033.exe
776	IGBWD1033.exe
988	IGBWD1033.exe
988	IGBWD1033.exe
2836	IGBWD1033.exe
2836	IGBWD1033.exe
2028	IGBWD1033.exe
2028	IGBWD1033.exe
2140	IGBWD1033.exe
2140	IGBWD1033.exe
2240	IGBWD1033.exe
2240	IGBWD1033.exe
2176	IGBWD1033.exe
2176	IGBWD1033.exe
2852	IGBWD1033.exe
2852	IGBWD1033.exe
2556	IGBWD1033.exe
2556	IGBWD1033.exe
2712	IGBWD1033.exe
2712	IGBWD1033.exe
3024	IGBWD1033.exe
3024	IGBWD1033.exe
616	IGBWD1033.exe
616	IGBWD1033.exe
112	IGBWD1033.exe
112	IGBWD1033.exe
2080	IGBWD1033.exe
2080	IGBWD1033.exe
2072	IGBWD1033.exe
2072	IGBWD1033.exe
992	IGBWD1033.exe
992	IGBWD1033.exe
2584	IGBWD1033.exe
2584	IGBWD1033.exe
2688	IGBWD1033.exe
2688	IGBWD1033.exe
2724	IGBWD1033.exe
2724	IGBWD1033.exe
3024	IGBWD1033.exe
3024	IGBWD1033.exe
2592	IGBWD1033.exe
2592	IGBWD1033.exe
616	IGBWD1033.exe
616	IGBWD1033.exe
2624	IGBWD1033.exe
2624	IGBWD1033.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File created	C:\Windows\SysWOW64\IGBWD1033.exe	IGBWD1033.exe
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	attrib.exe
File created	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\IGBWD1033.exe	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3060	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	28
PID 2044 wrote to memory of 3060	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	28
PID 2044 wrote to memory of 3060	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	28
PID 2044 wrote to memory of 3060	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	28
PID 2044 wrote to memory of 2504	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	30
PID 2044 wrote to memory of 2504	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	30
PID 2044 wrote to memory of 2504	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	30
PID 2044 wrote to memory of 2504	2044	e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2532	2504	IGBWD1033.exe	31
PID 2504 wrote to memory of 2532	2504	IGBWD1033.exe	31
PID 2504 wrote to memory of 2532	2504	IGBWD1033.exe	31
PID 2504 wrote to memory of 2532	2504	IGBWD1033.exe	31
PID 2504 wrote to memory of 1328	2504	IGBWD1033.exe	32
PID 2504 wrote to memory of 1328	2504	IGBWD1033.exe	32
PID 2504 wrote to memory of 1328	2504	IGBWD1033.exe	32
PID 2504 wrote to memory of 1328	2504	IGBWD1033.exe	32
PID 3060 wrote to memory of 2656	3060	cmd.exe	126
PID 3060 wrote to memory of 2656	3060	cmd.exe	126
PID 3060 wrote to memory of 2656	3060	cmd.exe	126
PID 3060 wrote to memory of 2656	3060	cmd.exe	126
PID 1328 wrote to memory of 2988	1328	IGBWD1033.exe	35
PID 1328 wrote to memory of 2988	1328	IGBWD1033.exe	35
PID 1328 wrote to memory of 2988	1328	IGBWD1033.exe	35
PID 1328 wrote to memory of 2988	1328	IGBWD1033.exe	35
PID 1328 wrote to memory of 1724	1328	IGBWD1033.exe	36
PID 1328 wrote to memory of 1724	1328	IGBWD1033.exe	36
PID 1328 wrote to memory of 1724	1328	IGBWD1033.exe	36
PID 1328 wrote to memory of 1724	1328	IGBWD1033.exe	36
PID 1724 wrote to memory of 2156	1724	IGBWD1033.exe	38
PID 1724 wrote to memory of 2156	1724	IGBWD1033.exe	38
PID 1724 wrote to memory of 2156	1724	IGBWD1033.exe	38
PID 1724 wrote to memory of 2156	1724	IGBWD1033.exe	38
PID 1724 wrote to memory of 2452	1724	IGBWD1033.exe	39
PID 1724 wrote to memory of 2452	1724	IGBWD1033.exe	39
PID 1724 wrote to memory of 2452	1724	IGBWD1033.exe	39
PID 1724 wrote to memory of 2452	1724	IGBWD1033.exe	39
PID 2452 wrote to memory of 2444	2452	IGBWD1033.exe	40
PID 2452 wrote to memory of 2444	2452	IGBWD1033.exe	40
PID 2452 wrote to memory of 2444	2452	IGBWD1033.exe	40
PID 2452 wrote to memory of 2444	2452	IGBWD1033.exe	40
PID 2452 wrote to memory of 1180	2452	IGBWD1033.exe	41
PID 2452 wrote to memory of 1180	2452	IGBWD1033.exe	41
PID 2452 wrote to memory of 1180	2452	IGBWD1033.exe	41
PID 2452 wrote to memory of 1180	2452	IGBWD1033.exe	41
PID 2988 wrote to memory of 1212	2988	cmd.exe	42
PID 2988 wrote to memory of 1212	2988	cmd.exe	42
PID 2988 wrote to memory of 1212	2988	cmd.exe	42
PID 2988 wrote to memory of 1212	2988	cmd.exe	42
PID 2532 wrote to memory of 1964	2532	cmd.exe	43
PID 2532 wrote to memory of 1964	2532	cmd.exe	43
PID 2532 wrote to memory of 1964	2532	cmd.exe	43
PID 2532 wrote to memory of 1964	2532	cmd.exe	43
PID 1180 wrote to memory of 2632	1180	IGBWD1033.exe	44
PID 1180 wrote to memory of 2632	1180	IGBWD1033.exe	44
PID 1180 wrote to memory of 2632	1180	IGBWD1033.exe	44
PID 1180 wrote to memory of 2632	1180	IGBWD1033.exe	44
PID 1180 wrote to memory of 2604	1180	IGBWD1033.exe	133
PID 1180 wrote to memory of 2604	1180	IGBWD1033.exe	133
PID 1180 wrote to memory of 2604	1180	IGBWD1033.exe	133
PID 1180 wrote to memory of 2604	1180	IGBWD1033.exe	133
PID 2604 wrote to memory of 1616	2604	IGBWD1033.exe	49
PID 2604 wrote to memory of 1616	2604	IGBWD1033.exe	49
PID 2604 wrote to memory of 1616	2604	IGBWD1033.exe	49
PID 2604 wrote to memory of 1616	2604	IGBWD1033.exe	49

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
18816	Process not Found
19048	Process not Found
13128	Process not Found
9784	Process not Found
17920	Process not Found
16832	Process not Found
4860	Process not Found
17368	Process not Found
19640	Process not Found
20456	Process not Found
14124	Process not Found
17240	Process not Found
5316	Process not Found
20196	Process not Found
19476	Process not Found
5012	Process not Found
19504	Process not Found
15720	Process not Found
11104	Process not Found
16832	Process not Found
19384	Process not Found
13784	Process not Found
18792	Process not Found
19212	Process not Found
4260	attrib.exe
19164	Process not Found
19488	Process not Found
17936	Process not Found
19796	Process not Found
19252	Process not Found
4024	attrib.exe
5756	Process not Found
7948	Process not Found
14840	Process not Found
6124	Process not Found
19500	Process not Found
20028	Process not Found
6860	Process not Found
3600	Process not Found
19868	Process not Found
9024	Process not Found
11552	Process not Found
18924	Process not Found
19012	Process not Found
6860	Process not Found
20052	Process not Found
18824	Process not Found
19404	Process not Found
11584	Process not Found
16848	Process not Found
5432	Process not Found
18748	Process not Found
12212	Process not Found
4100	Process not Found
3928	attrib.exe
19620	Process not Found
11968	Process not Found
19996	Process not Found
17540	Process not Found
11576	Process not Found
19888	Process not Found
19328	Process not Found
16588	Process not Found
18228	Process not Found

C:\Users\Admin\AppData\Local\Temp\e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\e062a60da38b259403064.bat
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\e9e547588e033e711dcca4fd1dd63784_JaffaCakes118.exe" -r -a -s -h
    3⤵
    PID:2656
- C:\Windows\SysWOW64\IGBWD1033.exe
  C:\Windows\system32\IGBWD1033.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\e062a60da38b259403142.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:1964
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:1700
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:3004
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      Drops file in System32 directory
      PID:1764
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:884
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:1912
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:2764
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:2712
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:4432
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:5000
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:4216
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
      4⤵
      PID:5064
- - C:\Windows\SysWOW64\IGBWD1033.exe
    C:\Windows\system32\IGBWD1033.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1328
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\e062a60da38b259403173.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:1212
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:2152
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:2948
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:1936
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:2320
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:328
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:1540
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:2936
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:1684
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:488
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:4464
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:2540
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        5⤵
        
        PID:4380
  - - C:\Windows\SysWOW64\IGBWD1033.exe
      C:\Windows\system32\IGBWD1033.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1724
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403189.bat
        5⤵
        
        PID:2156
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:596
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:700
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:948
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:2036
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:2584
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:2216
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:776
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:1920
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:1276
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:4560
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:4052
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        6⤵
        
        PID:4660
    - - C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2452
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403204.bat
        6⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        7⤵
        
        PID:3472
      - C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403220.bat
        7⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403236.bat
        8⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:240
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403251.bat
        9⤵
        
        PID:332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        Drops file in System32 directory
        
        PID:1656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        10⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403267.bat
        10⤵
        
        PID:688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        Drops file in System32 directory
        
        PID:1136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        Drops file in System32 directory
        
        PID:1240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        11⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403298.bat
        11⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        12⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403329.bat
        12⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        13⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        13⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        13⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        13⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        13⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        13⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403345.bat
        13⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        14⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        14⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        14⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        14⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        14⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        14⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        14⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2028
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403360.bat
        14⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        15⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        15⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        15⤵
        
        PID:564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        15⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        15⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        15⤵
        
        PID:488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        15⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403407.bat
        15⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        16⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        16⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        16⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        16⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        16⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        16⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        16⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2240
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403454.bat
        16⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        17⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        17⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        17⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        17⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        17⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        17⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403470.bat
        17⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        18⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        18⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        18⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        18⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        18⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        18⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        18⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403563.bat
        18⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        19⤵
        
        PID:320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        19⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        19⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        19⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        19⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403594.bat
        19⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        20⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        20⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        20⤵
        Views/modifies file attributes
        
        PID:4024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        20⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        20⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        20⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403641.bat
        20⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        21⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        21⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        21⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        21⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        21⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        21⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403719.bat
        21⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        22⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        22⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        22⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        22⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        22⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403782.bat
        22⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        23⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        23⤵
        
        PID:884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        23⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        23⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        23⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403844.bat
        23⤵
        
        PID:892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        24⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        24⤵
        
        PID:828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        24⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        24⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        24⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259403875.bat
        24⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        25⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        25⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        25⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        25⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        25⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        25⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        25⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404047.bat
        25⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        26⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        26⤵
        
        PID:576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        26⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        26⤵
        Drops file in System32 directory
        
        PID:3336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        26⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404187.bat
        26⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        27⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        27⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        27⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        27⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        27⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404468.bat
        27⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        28⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        28⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        28⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        28⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404577.bat
        28⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        29⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        29⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        29⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        29⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404608.bat
        29⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        30⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        30⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        30⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        30⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404608.bat
        30⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        31⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        31⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        31⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        31⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404624.bat
        31⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        32⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        32⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        32⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        32⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404640.bat
        32⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        33⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        33⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        33⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        33⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404671.bat
        33⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        34⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        34⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        34⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        34⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        33⤵
        Executes dropped EXE
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404686.bat
        34⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        35⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        35⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        35⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        35⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        34⤵
        Executes dropped EXE
        
        PID:1160
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404718.bat
        35⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        36⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        36⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        36⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        36⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        35⤵
        Executes dropped EXE
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404733.bat
        36⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        37⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        37⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        37⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        37⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        36⤵
        Executes dropped EXE
        
        PID:1860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404749.bat
        37⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        38⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        38⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        38⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        38⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        37⤵
        Executes dropped EXE
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404764.bat
        38⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        39⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        39⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        39⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        39⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        38⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404764.bat
        39⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        40⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        40⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        40⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        40⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        39⤵
        Executes dropped EXE
        
        PID:984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404780.bat
        40⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        41⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        41⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        41⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        41⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        40⤵
        Executes dropped EXE
        
        PID:1548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404796.bat
        41⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        42⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        42⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        42⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        42⤵
        Drops file in System32 directory
        
        PID:4772
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        41⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404811.bat
        42⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        43⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        43⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        43⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        43⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        42⤵
        Executes dropped EXE
        
        PID:1796
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404858.bat
        43⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        44⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        44⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        44⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        44⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        43⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404874.bat
        44⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        45⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        45⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        45⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        45⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        44⤵
        Executes dropped EXE
        
        PID:2084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404889.bat
        45⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        46⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        46⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        46⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        46⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        45⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404920.bat
        46⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        47⤵
        Drops file in System32 directory
        
        PID:3344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        47⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        47⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        47⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        46⤵
        Executes dropped EXE
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404936.bat
        47⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        48⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        48⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        48⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        48⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        47⤵
        Executes dropped EXE
        
        PID:2168
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404967.bat
        48⤵
        
        PID:240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        49⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        49⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        49⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        48⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259404983.bat
        49⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        50⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        50⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        50⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        50⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        49⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405014.bat
        50⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        51⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        51⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        51⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        51⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        50⤵
        Executes dropped EXE
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405045.bat
        51⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        52⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        52⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        52⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        52⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405076.bat
        52⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        53⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        53⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        53⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        53⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        52⤵
        Executes dropped EXE
        
        PID:1372
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405092.bat
        53⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        54⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        54⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        54⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        54⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        53⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405108.bat
        54⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        55⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        55⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        55⤵
        Views/modifies file attributes
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        55⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        54⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405123.bat
        55⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        56⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        56⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        56⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        56⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        55⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405139.bat
        56⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        57⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        57⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        57⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        57⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        56⤵
        Executes dropped EXE
        
        PID:320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405154.bat
        57⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        58⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        58⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        58⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        58⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        57⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405154.bat
        58⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        59⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        59⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        59⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        59⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        58⤵
        Executes dropped EXE
        
        PID:1508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405170.bat
        59⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        60⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        60⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        60⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        59⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405186.bat
        60⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        61⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        61⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        61⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        61⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        60⤵
        Executes dropped EXE
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405201.bat
        61⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        62⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        62⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        62⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        62⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        61⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405217.bat
        62⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        63⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        63⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        63⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        63⤵
        Drops file in System32 directory
        
        PID:4896
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        62⤵
        Executes dropped EXE
        
        PID:3092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405232.bat
        63⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        64⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        64⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        64⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        64⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        63⤵
        Executes dropped EXE
        
        PID:3176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405248.bat
        64⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        65⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        65⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        65⤵
        
        PID:320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        65⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        64⤵
        Executes dropped EXE
        
        PID:3236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405264.bat
        65⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        66⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        66⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        66⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        66⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        65⤵
        Executes dropped EXE
        
        PID:3304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405310.bat
        66⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        67⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        67⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        67⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        67⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        66⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405326.bat
        67⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        68⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        68⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        68⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        68⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        67⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405342.bat
        68⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        69⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        69⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        69⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        69⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        68⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405357.bat
        69⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        70⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        70⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        70⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        70⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        69⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405373.bat
        70⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        71⤵
        
        PID:900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        71⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        71⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        71⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        70⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405388.bat
        71⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        72⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        72⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        72⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        72⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        71⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405404.bat
        72⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        73⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        73⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        73⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        73⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        72⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405420.bat
        73⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        74⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        74⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        74⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        74⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        73⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405435.bat
        74⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        75⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        75⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        75⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        75⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        74⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405466.bat
        75⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        76⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        76⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        76⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        75⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405466.bat
        76⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        77⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        77⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        77⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        76⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405482.bat
        77⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        78⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        78⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        78⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        78⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        77⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405513.bat
        78⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        79⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        79⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        79⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        78⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405529.bat
        79⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        80⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        80⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        80⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        80⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        79⤵
        
        PID:320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405544.bat
        80⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        81⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        81⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        81⤵
        Drops file in System32 directory
        
        PID:4376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        81⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        80⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405560.bat
        81⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        82⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        82⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        82⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        81⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405576.bat
        82⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        83⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        83⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        83⤵
        Drops file in System32 directory
        
        PID:4236
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        82⤵
        Drops file in System32 directory
        
        PID:3468
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405607.bat
        83⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        84⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        84⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        84⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        83⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405622.bat
        84⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        85⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        85⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        85⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        84⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405638.bat
        85⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        86⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        86⤵
        Drops file in System32 directory
        
        PID:5080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        86⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        85⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405654.bat
        86⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        87⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        87⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        87⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        87⤵
        
        PID:488
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        86⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405654.bat
        87⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        88⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        88⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        88⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        88⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        87⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405669.bat
        88⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        89⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        89⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        89⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        88⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405685.bat
        89⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        90⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        90⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        90⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        90⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        89⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405700.bat
        90⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        91⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        91⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        91⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        90⤵
        
        PID:320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405716.bat
        91⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        92⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        92⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        92⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        91⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405732.bat
        92⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        93⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        93⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        93⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        92⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405747.bat
        93⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        94⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        94⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        94⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        94⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        93⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405763.bat
        94⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        95⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        95⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        95⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        94⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405778.bat
        95⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        96⤵
        Views/modifies file attributes
        
        PID:4260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        96⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        96⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        95⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405794.bat
        96⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        97⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        97⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        97⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        96⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259405810.bat
        97⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        98⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        98⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        98⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        97⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259406028.bat
        98⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        99⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        99⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\IGBWD1033.exe" -r -a -s -h
        99⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        98⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259409990.bat
        99⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        99⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410053.bat
        100⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        100⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410068.bat
        101⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        101⤵
        Drops file in System32 directory
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410084.bat
        102⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        102⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410100.bat
        103⤵
        
        PID:576
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        103⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410115.bat
        104⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        104⤵
        
        PID:984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410131.bat
        105⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        105⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410146.bat
        106⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        106⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410162.bat
        107⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        107⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410193.bat
        108⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        108⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410193.bat
        109⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        109⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410209.bat
        110⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        110⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410224.bat
        111⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        111⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410271.bat
        112⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        112⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410302.bat
        113⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        113⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410318.bat
        114⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        114⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410334.bat
        115⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        115⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410349.bat
        116⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        116⤵
        Drops file in System32 directory
        
        PID:4988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410365.bat
        117⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        117⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410380.bat
        118⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        118⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410396.bat
        119⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        119⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410412.bat
        120⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        120⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410427.bat
        121⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        121⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410458.bat
        122⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        122⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410474.bat
        123⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        123⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410490.bat
        124⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        124⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410505.bat
        125⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        125⤵
        Drops file in System32 directory
        
        PID:4184
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410536.bat
        126⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        126⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410552.bat
        127⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        127⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410568.bat
        128⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        128⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410583.bat
        129⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        129⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410599.bat
        130⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        130⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410614.bat
        131⤵
        
        PID:984
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        131⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410630.bat
        132⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        132⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410646.bat
        133⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        133⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410646.bat
        134⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        134⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410661.bat
        135⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        135⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410677.bat
        136⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        136⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410708.bat
        137⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        137⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410708.bat
        138⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        138⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410739.bat
        139⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        139⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410755.bat
        140⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        140⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410770.bat
        141⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        141⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410786.bat
        142⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        142⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410802.bat
        143⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        143⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410833.bat
        144⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        144⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410848.bat
        145⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        145⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410864.bat
        146⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        146⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410880.bat
        147⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        147⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410895.bat
        148⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        148⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410911.bat
        149⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        149⤵
        Drops file in System32 directory
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410926.bat
        150⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        150⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410942.bat
        151⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        151⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410958.bat
        152⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        152⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259410989.bat
        153⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        153⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411036.bat
        154⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        154⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411051.bat
        155⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        155⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411067.bat
        156⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        156⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411082.bat
        157⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        157⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411098.bat
        158⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        158⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411114.bat
        159⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        159⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411129.bat
        160⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        160⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411129.bat
        161⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        161⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411145.bat
        162⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        162⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411160.bat
        163⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        163⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411176.bat
        164⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        164⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411176.bat
        165⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        165⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411192.bat
        166⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        166⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411223.bat
        167⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        167⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411254.bat
        168⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        168⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411254.bat
        169⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        169⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411270.bat
        170⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        170⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411285.bat
        171⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        171⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411301.bat
        172⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        172⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411301.bat
        173⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        173⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411316.bat
        174⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        174⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411332.bat
        175⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        175⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411332.bat
        176⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        176⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411348.bat
        177⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        177⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411379.bat
        178⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        178⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411394.bat
        179⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        179⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411410.bat
        180⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        180⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411426.bat
        181⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        181⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411441.bat
        182⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        182⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411441.bat
        183⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        183⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411457.bat
        184⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        184⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411472.bat
        185⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        185⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411488.bat
        186⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        186⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411519.bat
        187⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        187⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411535.bat
        188⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        188⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411550.bat
        189⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        189⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411566.bat
        190⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        190⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411582.bat
        191⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        191⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411597.bat
        192⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        192⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411613.bat
        193⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        193⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411628.bat
        194⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        194⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411644.bat
        195⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        195⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411660.bat
        196⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        196⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411675.bat
        197⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        197⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411691.bat
        198⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        198⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411722.bat
        199⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        199⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411738.bat
        200⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        200⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411753.bat
        201⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        201⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411784.bat
        202⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        202⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411800.bat
        203⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        203⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411816.bat
        204⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        204⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411831.bat
        205⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        205⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411847.bat
        206⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        206⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411862.bat
        207⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        207⤵
        Drops file in System32 directory
        
        PID:6828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411894.bat
        208⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        208⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411909.bat
        209⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        209⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411909.bat
        210⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        210⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411925.bat
        211⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        211⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411940.bat
        212⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        212⤵
        Drops file in System32 directory
        
        PID:7096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411956.bat
        213⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        213⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411972.bat
        214⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        214⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259411987.bat
        215⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        215⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412018.bat
        216⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        216⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412034.bat
        217⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        217⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412050.bat
        218⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        218⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412081.bat
        219⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        219⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412112.bat
        220⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        220⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412112.bat
        221⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        221⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412143.bat
        222⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        222⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412159.bat
        223⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        223⤵
        Drops file in System32 directory
        
        PID:7084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412174.bat
        224⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        224⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412190.bat
        225⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        225⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412221.bat
        226⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        226⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412237.bat
        227⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        227⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412252.bat
        228⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        228⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412268.bat
        229⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        229⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412284.bat
        230⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        230⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412315.bat
        231⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        231⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412330.bat
        232⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        232⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412346.bat
        233⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        233⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412346.bat
        234⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        234⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412362.bat
        235⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        235⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412393.bat
        236⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        236⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412393.bat
        237⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        237⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412408.bat
        238⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        238⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412424.bat
        239⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        239⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412440.bat
        240⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        240⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412471.bat
        241⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        241⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412486.bat
        242⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        242⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412502.bat
        243⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        243⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412518.bat
        244⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\IGBWD1033.exe
        
        C:\Windows\system32\IGBWD1033.exe
        244⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\e062a60da38b259412533.bat
        245⤵
        
        PID:7420

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "145016911364703577-47845723-1244070575-1888260919561772813-1507002002-889634230"
1⤵
PID:2028

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1005628879325004681823682887-18437538371009257441-1098184280-1698181662413514620"
1⤵
PID:328

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2119446761-3799335191771464069194940591-8305850251080216815-18646907322141643872"
1⤵
PID:1540

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "94111826202548872-2047686481-276799354-11451001191908289961-423424610-822602926"
1⤵
PID:112

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-655384401-1003276863-2091955131-1381249553-1237156946692420100-244300007-535716133"
1⤵
PID:776

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1374676107-442370472-351594251-1207631708-1194517485-538557804148454939-653003712"
1⤵
PID:1764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "492457147640875379-393122916-349955201-12708397071482936636-709240070-1356212452"
1⤵
PID:2060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1067842169-1349303185153512675069275752989209052917041997641429904315318773689"
1⤵
PID:2764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-627466481152621959913474515831444702046-1262005939448349152708197906872904038"
1⤵
PID:564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-440096275-1899194400825056184-665571220-1878060062-20185498136928518801178970495"
1⤵
PID:1160

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-928550973-17546040681423971982-87932945616347257619624332071529282946295848475"
1⤵
PID:1596

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "451437780552256665-806833274-2015078651-7059540981947279203441818961-1665463934"
1⤵
PID:2176

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1021116147-20488826751929352520644533334-1932727490-1690897685-1524395970266359416"
1⤵
PID:2040

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "678447699-1279218570-160617036119317493388634659792033813671-1097872373-1969762605"
1⤵
PID:2036

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1857186655-805344718105992936417248067271865022177-1563490026-1534005699512111256"
1⤵
PID:2724

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1721640895-1100053455-13735793531301348822-93494620587475833-764570875-769910074"
1⤵
PID:2620

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-83124987316516002175216873-914170815-2125528420770809964-1967179186301237986"
1⤵
PID:3092

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "346810891260332778957442046-2976253641074820040-867771966-7288002921890641721"
1⤵
PID:3236

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16793744651815352640-1411229139-1022905401137561574212059870155352988242022135825"
1⤵
PID:3496

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "74360793-12543584121775316348331140353-17848862274883539644456365964338202"
1⤵
PID:5032

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-757692036-13207215954157393731989587674-1449577583-702885335-540294986-848280648"
1⤵
PID:5072

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1739480245399478602486176783-9856616758484772361690586293725649155-46197456"
1⤵
PID:2804

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "337878009-778467814643927572997223134-1218842756-230726356-828099196-1216105188"
1⤵
PID:2296

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "196243992220258886026639607862025987257149138181-164180045466988471-1228437130"
1⤵
PID:4024

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1292610528-7857490564813510531746713702-767832094-1133037839-47893403514558402"
1⤵
PID:3544

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5477622172002259500-1378300768-358724409188783014914676222038178664351074108946"
1⤵
PID:3932

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1490258117-1063982492-428741736-147926041747315836-11116276679017932-1708930321"
1⤵
PID:3896

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-977468984-120407017-173440550-16632336241601395275-15127664861854225829-243263973"
1⤵
PID:4092

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4522759635515656435742517852542978471618869395-434821983-224516843-1177245087"
1⤵
PID:4264

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "56963509-119608874-15389870491087849427-1551512404-1960624650-298993764-1238787243"
1⤵
PID:4376

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-155493841363863830-2961670051310831266147530732920494252151936882865-67968234"
1⤵
PID:1732

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20734825891980330449-8616753551610714997-89331426-352182611-4557225371609955299"
1⤵
PID:3188

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-787240236-606384390-1511355217-328383042-1393192282-1367191524-2127685938364418661"
1⤵
PID:3928

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1220662379-630151283991847191-42074138312412568-1799484788-14370930251484922018"
1⤵
PID:3364

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-925714179-1555601882-1561059858-13422997375206745161070081187-685962325531381757"
1⤵
PID:4432

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "7783661113695056537851822714021620091403855803-1583761571-557660102-934036644"
1⤵
PID:4520

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-6084161882432011981410422262-80531808-2875202251948281927-1685114899-1268965073"
1⤵
PID:4540

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "970301839-19041080661369861261225557206-138795641020165795741165364768-1257290894"
1⤵
PID:2180

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1360408993-197988049-1364550154-4825809211342835297169525581038598561-816112634"
1⤵
PID:1872

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-596214113-1344489508-10273605781021413131-3064722533175008951142521600-1311343301"
1⤵
PID:2324

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1685086505-905200011-881287836-672153620-1518237762-313689111-391494463-1518966813"
1⤵
PID:4624

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-140060402787913725199598277997884225-206361618316264824071912450195628006429"
1⤵
PID:4588

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-955262525-71116067320097710603713146174643052454323510901280395377-305725205"
1⤵
PID:4164

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-787207750770004859-18840150101762815376178448121-2144293865141944626053509908"
1⤵
PID:4144

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "256088866473240397-1844951413-896982650-8590502211074625137-927388806-1865849852"
1⤵
PID:2832

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-78369432215595263481261086031895915197210882578-856359100-179130191-2095529551"
1⤵
PID:1072

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1148272386633592372904735484-11279151451323547328-2222956-1378478527-936507643"
1⤵
PID:4576

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2023751964-157984710721428765891793577841149473654813871393121416924243-436982872"
1⤵
PID:1544

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18168734521409550369-15483443631416067714-2099423342621454991294561856-1475663202"
1⤵
PID:3656

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1360508286816669918-1563503375-2096787124-806901346-1604845588-440828817342417775"
1⤵
PID:3104

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18040268805566989128015652247808057661883440670-392979883-1403636029-1929063094"
1⤵
PID:4248

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1477741424-7286121593265833181659968724314268835-1412055796-954501504-313593416"
1⤵
PID:3808

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1013213539-27739891316557148991526835907-4672832171911622782-16095513131587902473"
1⤵
PID:2400

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "605677090-3179527874438031331473481769-15999244361498925366-16808825462062861851"
1⤵
PID:4468

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1445142587-1252716178136110798619198917099964161341505031626141885935-1288253586"
1⤵
PID:2404

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13371165841972198357-1216341474-105208137-943668388-2064498964832466722-497158918"
1⤵
PID:4600

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1299446292-2095755652-1811146349-570442676883357050-1171708407-29245230650268978"
1⤵
PID:4304

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-934056306-1459939115-521568970-14824554738398046141012456606-1834647668-1333232404"
1⤵
PID:5700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-844857237-2106730839-2009250636743776088-1046371206-1959428420331046280-830329787"
1⤵
PID:5800

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-664147745-505950136-516077885862615063604743067961338966-902840722-719588216"
1⤵
PID:5892

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1756277796-282365159-1684160245-572554881-575334749-2759202573034014211473090505"
1⤵
PID:4360

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "972905765-986136619249808041-146733172432279763-1399277546439373463-844145120"
1⤵
PID:5656

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "133872154739433440811967098281368313495-5444241441697614117-1616179811-1949138240"
1⤵
PID:5940

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4840735975756868331128629642776599647-259582410-1105567092-219814648-1122628505"
1⤵
PID:6380

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14684320701342080930-2049850967193132004910077428121184020059-4138183451922542814"
1⤵
PID:6620

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5926188312074425601-12518612337310598013449049071381477281-14647314808948925"
1⤵
PID:6768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1797290259-248412020-7628265255713607166256228110722202152113709205-1712183575"
1⤵
PID:4692

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1922965849-8543908-1564552621886403209117829602-30419303-816573337662313485"
1⤵
PID:6420

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "362428034-508558686920270422085633299-21323674952040436141-960534033-1848915890"
1⤵
PID:4724

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "39488447712032380811803896356-1780652534-4626607371219750569-63114032914585141"
1⤵
PID:7152

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "564429197740888035725735794-2032988653-1343290491340560876-12332353221262422761"
1⤵
PID:6384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\e062a60da38b259403064.bat

Filesize
332B

MD5
9458297c55079478c306c2defff2431b

SHA1
b9f2113452d91ed29214b6abd021f2001867a04e

SHA256
06cf31c374b2f0a73ac28b626a21495f64c872cfd49fa175d2291f9e714617bd

SHA512
1812daf522d2337704258c35c80ebb5b6234d32ef828ff0825ad33af0c9948614b1c816a16013c87eecc3c1bfeacc7351b7176ab9499d9f3a69dee130eb48d80

Download Submit
C:\e062a60da38b259403142.bat

Filesize
179B

MD5
140b54ce9f03ff9f5497894acb1b249a

SHA1
f8982e4dba5dbb75c00dd0203b03c101d3e342e7

SHA256
a4087a94c47cc95430dc52c788b92317a474b01305bdee8c77f5b23c5f1f9f7b

SHA512
557452fd442cad4bfabc40eb827cbf4b90fe2ab16cd9d4e27cb0d28279a2eed79e0dba484694d4dfd2bc63ac1a11fe85c3fb690b039f7fdf5f35bc6e0228b827

Download Submit
\Windows\SysWOW64\IGBWD1033.exe

Filesize
4KB

MD5
e9e547588e033e711dcca4fd1dd63784

SHA1
c45eb0287578698d2a77afa6daf4c0099c7f92cc

SHA256
a0a9c38213d1740dcf9f2b9484fc1ec0c6f9c99180b7eaea9e1d4a9021832c68

SHA512
d005cbb6383a1b34314ac44606f4c56503ca7fbeccfe301d6428d37c8d78ed2fc334ba4dd1d65356709a1d07b487ec0f5232fc17cb7cb2179e6b300d0187d5c7

Download Submit