eeec18fb099dd4d469bd2bf0f27e49248b47dfb0917ae5a7847574148af949ec

Analysis

max time kernel
68s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe
Size

6KB
MD5

0167f07d17a27ca5b585b4ea8b31c48c
SHA1

72dfc10b896e88199f980fa5bb72021f7766f866
SHA256

eeec18fb099dd4d469bd2bf0f27e49248b47dfb0917ae5a7847574148af949ec
SHA512

96e88eae03ad5b1f4dafc783ff34fa6f069f3be03f69511d1e05964c24009d04f02a5926e35865991b3bbb713e321405c3179dc99e090900495d17ca4d18b8fa
SSDEEP

192:4BkKyXPayzbzbzbzbzbzbzbzHuzX39s97VzYRq:4yKyft///////HIXtuVU8

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2588	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
1664	ayEZZEZZ1040.exe
2528	ayEZZEZZ1040.exe
1280	ayEZZEZZ1040.exe
2440	ayEZZEZZ1040.exe
3056	ayEZZEZZ1040.exe
2696	ayEZZEZZ1040.exe
288	ayEZZEZZ1040.exe
2076	ayEZZEZZ1040.exe
2448	ayEZZEZZ1040.exe
2024	ayEZZEZZ1040.exe
924	ayEZZEZZ1040.exe
280	ayEZZEZZ1040.exe
752	ayEZZEZZ1040.exe
1440	ayEZZEZZ1040.exe
2508	ayEZZEZZ1040.exe
2552	ayEZZEZZ1040.exe
2728	ayEZZEZZ1040.exe
2704	ayEZZEZZ1040.exe
1256	ayEZZEZZ1040.exe
2476	ayEZZEZZ1040.exe
2324	ayEZZEZZ1040.exe
2780	ayEZZEZZ1040.exe
1248	ayEZZEZZ1040.exe
1792	ayEZZEZZ1040.exe
2192	ayEZZEZZ1040.exe
1724	ayEZZEZZ1040.exe
2916	ayEZZEZZ1040.exe
1604	ayEZZEZZ1040.exe
1960	ayEZZEZZ1040.exe
384	ayEZZEZZ1040.exe
2640	ayEZZEZZ1040.exe
2320	ayEZZEZZ1040.exe
2384	ayEZZEZZ1040.exe
2884	ayEZZEZZ1040.exe
1696	ayEZZEZZ1040.exe
2732	ayEZZEZZ1040.exe
2388	ayEZZEZZ1040.exe
540	ayEZZEZZ1040.exe
1708	ayEZZEZZ1040.exe
1160	ayEZZEZZ1040.exe
380	ayEZZEZZ1040.exe
1032	ayEZZEZZ1040.exe
2532	ayEZZEZZ1040.exe
2412	ayEZZEZZ1040.exe
1584	ayEZZEZZ1040.exe
2440	ayEZZEZZ1040.exe
2192	ayEZZEZZ1040.exe
1444	ayEZZEZZ1040.exe
2532	ayEZZEZZ1040.exe
2724	ayEZZEZZ1040.exe
2348	ayEZZEZZ1040.exe
1012	ayEZZEZZ1040.exe
2420	ayEZZEZZ1040.exe
2156	ayEZZEZZ1040.exe
2584	ayEZZEZZ1040.exe
2744	ayEZZEZZ1040.exe
2724	ayEZZEZZ1040.exe
3080	ayEZZEZZ1040.exe
3100	ayEZZEZZ1040.exe
3152	ayEZZEZZ1040.exe
3228	ayEZZEZZ1040.exe
3296	ayEZZEZZ1040.exe
3352	ayEZZEZZ1040.exe
3428	ayEZZEZZ1040.exe

Loads dropped DLL 64 IoCs

pid	Process
2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe
2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe
1664	ayEZZEZZ1040.exe
1664	ayEZZEZZ1040.exe
2528	ayEZZEZZ1040.exe
2528	ayEZZEZZ1040.exe
1280	ayEZZEZZ1040.exe
1280	ayEZZEZZ1040.exe
2440	ayEZZEZZ1040.exe
2440	ayEZZEZZ1040.exe
3056	ayEZZEZZ1040.exe
3056	ayEZZEZZ1040.exe
2696	ayEZZEZZ1040.exe
2696	ayEZZEZZ1040.exe
288	ayEZZEZZ1040.exe
288	ayEZZEZZ1040.exe
2076	ayEZZEZZ1040.exe
2076	ayEZZEZZ1040.exe
2448	ayEZZEZZ1040.exe
2448	ayEZZEZZ1040.exe
2024	ayEZZEZZ1040.exe
2024	ayEZZEZZ1040.exe
924	ayEZZEZZ1040.exe
924	ayEZZEZZ1040.exe
280	ayEZZEZZ1040.exe
280	ayEZZEZZ1040.exe
752	ayEZZEZZ1040.exe
752	ayEZZEZZ1040.exe
1440	ayEZZEZZ1040.exe
1440	ayEZZEZZ1040.exe
2508	ayEZZEZZ1040.exe
2508	ayEZZEZZ1040.exe
2552	ayEZZEZZ1040.exe
2552	ayEZZEZZ1040.exe
2728	ayEZZEZZ1040.exe
2728	ayEZZEZZ1040.exe
2704	ayEZZEZZ1040.exe
2704	ayEZZEZZ1040.exe
1256	ayEZZEZZ1040.exe
1256	ayEZZEZZ1040.exe
2476	ayEZZEZZ1040.exe
2476	ayEZZEZZ1040.exe
2324	ayEZZEZZ1040.exe
2324	ayEZZEZZ1040.exe
2780	ayEZZEZZ1040.exe
2780	ayEZZEZZ1040.exe
1248	ayEZZEZZ1040.exe
1248	ayEZZEZZ1040.exe
1792	ayEZZEZZ1040.exe
1792	ayEZZEZZ1040.exe
2192	ayEZZEZZ1040.exe
2192	ayEZZEZZ1040.exe
1724	ayEZZEZZ1040.exe
1724	ayEZZEZZ1040.exe
2916	ayEZZEZZ1040.exe
2916	ayEZZEZZ1040.exe
1604	ayEZZEZZ1040.exe
1604	ayEZZEZZ1040.exe
1960	ayEZZEZZ1040.exe
1960	ayEZZEZZ1040.exe
384	ayEZZEZZ1040.exe
384	ayEZZEZZ1040.exe
2640	ayEZZEZZ1040.exe
2640	ayEZZEZZ1040.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File created	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	ayEZZEZZ1040.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File created	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	ayEZZEZZ1040.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File created	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ayEZZEZZ1040.exe	attrib.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2588	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	28
PID 2276 wrote to memory of 2588	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	28
PID 2276 wrote to memory of 2588	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	28
PID 2276 wrote to memory of 2588	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	28
PID 2276 wrote to memory of 1664	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	30
PID 2276 wrote to memory of 1664	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	30
PID 2276 wrote to memory of 1664	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	30
PID 2276 wrote to memory of 1664	2276	0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe	30
PID 2588 wrote to memory of 2520	2588	cmd.exe	31
PID 2588 wrote to memory of 2520	2588	cmd.exe	31
PID 2588 wrote to memory of 2520	2588	cmd.exe	31
PID 2588 wrote to memory of 2520	2588	cmd.exe	31
PID 1664 wrote to memory of 2536	1664	ayEZZEZZ1040.exe	32
PID 1664 wrote to memory of 2536	1664	ayEZZEZZ1040.exe	32
PID 1664 wrote to memory of 2536	1664	ayEZZEZZ1040.exe	32
PID 1664 wrote to memory of 2536	1664	ayEZZEZZ1040.exe	32
PID 1664 wrote to memory of 2528	1664	ayEZZEZZ1040.exe	33
PID 1664 wrote to memory of 2528	1664	ayEZZEZZ1040.exe	33
PID 1664 wrote to memory of 2528	1664	ayEZZEZZ1040.exe	33
PID 1664 wrote to memory of 2528	1664	ayEZZEZZ1040.exe	33
PID 2528 wrote to memory of 2540	2528	ayEZZEZZ1040.exe	35
PID 2528 wrote to memory of 2540	2528	ayEZZEZZ1040.exe	35
PID 2528 wrote to memory of 2540	2528	ayEZZEZZ1040.exe	35
PID 2528 wrote to memory of 2540	2528	ayEZZEZZ1040.exe	35
PID 2528 wrote to memory of 1280	2528	ayEZZEZZ1040.exe	36
PID 2528 wrote to memory of 1280	2528	ayEZZEZZ1040.exe	36
PID 2528 wrote to memory of 1280	2528	ayEZZEZZ1040.exe	36
PID 2528 wrote to memory of 1280	2528	ayEZZEZZ1040.exe	36
PID 1280 wrote to memory of 2652	1280	ayEZZEZZ1040.exe	38
PID 1280 wrote to memory of 2652	1280	ayEZZEZZ1040.exe	38
PID 1280 wrote to memory of 2652	1280	ayEZZEZZ1040.exe	38
PID 1280 wrote to memory of 2652	1280	ayEZZEZZ1040.exe	38
PID 1280 wrote to memory of 2440	1280	ayEZZEZZ1040.exe	39
PID 1280 wrote to memory of 2440	1280	ayEZZEZZ1040.exe	39
PID 1280 wrote to memory of 2440	1280	ayEZZEZZ1040.exe	39
PID 1280 wrote to memory of 2440	1280	ayEZZEZZ1040.exe	39
PID 2440 wrote to memory of 2880	2440	ayEZZEZZ1040.exe	42
PID 2440 wrote to memory of 2880	2440	ayEZZEZZ1040.exe	42
PID 2440 wrote to memory of 2880	2440	ayEZZEZZ1040.exe	42
PID 2440 wrote to memory of 2880	2440	ayEZZEZZ1040.exe	42
PID 2536 wrote to memory of 2432	2536	cmd.exe	41
PID 2536 wrote to memory of 2432	2536	cmd.exe	41
PID 2536 wrote to memory of 2432	2536	cmd.exe	41
PID 2536 wrote to memory of 2432	2536	cmd.exe	41
PID 2440 wrote to memory of 3056	2440	ayEZZEZZ1040.exe	43
PID 2440 wrote to memory of 3056	2440	ayEZZEZZ1040.exe	43
PID 2440 wrote to memory of 3056	2440	ayEZZEZZ1040.exe	43
PID 2440 wrote to memory of 3056	2440	ayEZZEZZ1040.exe	43
PID 3056 wrote to memory of 2604	3056	ayEZZEZZ1040.exe	45
PID 3056 wrote to memory of 2604	3056	ayEZZEZZ1040.exe	45
PID 3056 wrote to memory of 2604	3056	ayEZZEZZ1040.exe	45
PID 3056 wrote to memory of 2604	3056	ayEZZEZZ1040.exe	45
PID 3056 wrote to memory of 2696	3056	ayEZZEZZ1040.exe	46
PID 3056 wrote to memory of 2696	3056	ayEZZEZZ1040.exe	46
PID 3056 wrote to memory of 2696	3056	ayEZZEZZ1040.exe	46
PID 3056 wrote to memory of 2696	3056	ayEZZEZZ1040.exe	46
PID 2540 wrote to memory of 2724	2540	cmd.exe	47
PID 2540 wrote to memory of 2724	2540	cmd.exe	47
PID 2540 wrote to memory of 2724	2540	cmd.exe	47
PID 2540 wrote to memory of 2724	2540	cmd.exe	47
PID 2652 wrote to memory of 2556	2652	cmd.exe	49
PID 2652 wrote to memory of 2556	2652	cmd.exe	49
PID 2652 wrote to memory of 2556	2652	cmd.exe	49
PID 2652 wrote to memory of 2556	2652	cmd.exe	49

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5956	Process not Found
5088	Process not Found
6940	Process not Found
8084	Process not Found
2332	attrib.exe
2288	Process not Found
5376	Process not Found
7492	Process not Found
7200	Process not Found
7996	Process not Found
3316	Process not Found
8656	Process not Found
12480	Process not Found
3856	Process not Found
7696	Process not Found
4676	Process not Found
8384	Process not Found
12228	Process not Found
3940	attrib.exe
4600	Process not Found
6380	Process not Found
6220	Process not Found
4556	Process not Found
6032	Process not Found
11600	Process not Found
5496	Process not Found
6452	Process not Found
7996	Process not Found
5412	Process not Found
9020	Process not Found
13556	Process not Found
2968	attrib.exe
4120	Process not Found
2076	Process not Found
6472	Process not Found
7652	Process not Found
11080	Process not Found
5280	Process not Found
4044	Process not Found
4736	Process not Found
5204	Process not Found
7340	Process not Found
4164	attrib.exe
6480	Process not Found
5892	Process not Found
5096	Process not Found
8004	Process not Found
7324	Process not Found
2184	Process not Found
8668	Process not Found
5164	Process not Found
6704	Process not Found
6268	Process not Found
6220	Process not Found
8672	Process not Found
1572	Process not Found
3940	attrib.exe
6028	Process not Found
7008	Process not Found
6688	Process not Found
6128	Process not Found
7608	Process not Found
4356	Process not Found
11464	Process not Found

C:\Users\Admin\AppData\Local\Temp\0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\d2b282ef026d259395482.bat
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\0167f07d17a27ca5b585b4ea8b31c48c_JaffaCakes118.exe" -r -a -s -h
    3⤵
    PID:2520
- C:\Windows\SysWOW64\ayEZZEZZ1040.exe
  C:\Windows\system32\ayEZZEZZ1040.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c c:\d2b282ef026d259395560.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:2432
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:1584
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:540
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:1492
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:1844
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:2592
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:2764
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:3672
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:2984
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:4780
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:4884
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:4940
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
      4⤵
      PID:4716
- - C:\Windows\SysWOW64\ayEZZEZZ1040.exe
    C:\Windows\system32\ayEZZEZZ1040.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\d2b282ef026d259395576.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:2724
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:2204
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:2332
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:2488
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:2440
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:692
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:4196
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:2748
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:4276
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:1428
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        5⤵
        
        PID:4540
  - - C:\Windows\SysWOW64\ayEZZEZZ1040.exe
      C:\Windows\system32\ayEZZEZZ1040.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1280
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395592.bat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2652
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:2556
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:1884
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:452
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:2196
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:1720
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:2600
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:2892
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:4488
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:4328
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:2972
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:3708
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:5088
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        6⤵
        
        PID:4352
    - - C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2440
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395607.bat
        6⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        Drops file in System32 directory
        
        PID:1788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        7⤵
        
        PID:1204
      - C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395623.bat
        7⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        8⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395638.bat
        8⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        9⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395654.bat
        9⤵
        
        PID:780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        10⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395670.bat
        10⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        11⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395701.bat
        11⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        12⤵
        Drops file in System32 directory
        
        PID:472
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395732.bat
        12⤵
        
        PID:584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        13⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395748.bat
        13⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        14⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395888.bat
        14⤵
        
        PID:928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        15⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259395935.bat
        15⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        16⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396044.bat
        16⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        17⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396184.bat
        17⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        18⤵
        
        PID:784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        18⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        18⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        18⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        18⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        18⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        18⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396278.bat
        18⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        19⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        19⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        19⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        19⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        19⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        19⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396356.bat
        19⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        20⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        20⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        20⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        20⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        20⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        20⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396372.bat
        20⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        21⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        21⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        21⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        21⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        21⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        21⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396387.bat
        21⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        22⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        22⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        22⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        22⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        22⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        22⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396403.bat
        22⤵
        
        PID:608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        23⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        23⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        23⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        23⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        23⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        23⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396403.bat
        23⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        24⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        24⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        24⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        24⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        24⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        24⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396434.bat
        24⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        25⤵
        
        PID:328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        25⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        25⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        25⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        25⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        25⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1248
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396450.bat
        25⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        26⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        26⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        26⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        26⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        26⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        26⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396450.bat
        26⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        27⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        27⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        27⤵
        Drops file in System32 directory
        
        PID:4812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        27⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        27⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        27⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396465.bat
        27⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        28⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        28⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        28⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        28⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        28⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        28⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396481.bat
        28⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        29⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        29⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        29⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        29⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        29⤵
        Drops file in System32 directory
        
        PID:4236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        29⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396496.bat
        29⤵
        
        PID:804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        30⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        30⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        30⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        30⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        30⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        30⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396512.bat
        30⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        31⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        31⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        31⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        31⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        31⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        31⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396528.bat
        31⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        32⤵
        
        PID:784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        32⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        32⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        32⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        32⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        32⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396543.bat
        32⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        33⤵
        
        PID:472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        33⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        33⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        33⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        33⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        33⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396559.bat
        33⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        34⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        34⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        34⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        34⤵
        
        PID:992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        34⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        34⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        33⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396574.bat
        34⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        35⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        35⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        35⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        35⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        35⤵
        Views/modifies file attributes
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        35⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        34⤵
        Executes dropped EXE
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396590.bat
        35⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        36⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        36⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        36⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        36⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        36⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        36⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        35⤵
        Executes dropped EXE
        
        PID:2884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396606.bat
        36⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        37⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        37⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        37⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        37⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        37⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        37⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        36⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396606.bat
        37⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        38⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        38⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        38⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        38⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        38⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        38⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        37⤵
        Executes dropped EXE
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396621.bat
        38⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        39⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        39⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        39⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        39⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        39⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        39⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        38⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396637.bat
        39⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        40⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        40⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        40⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        40⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        40⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        40⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        39⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396652.bat
        40⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        41⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        41⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        41⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        41⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        41⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        41⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        40⤵
        Executes dropped EXE
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396684.bat
        41⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        42⤵
        Views/modifies file attributes
        
        PID:2332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        42⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        42⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        42⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        42⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        42⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        41⤵
        Executes dropped EXE
        
        PID:1160
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396699.bat
        42⤵
        
        PID:912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        43⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        43⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        43⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        43⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        43⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        43⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        42⤵
        Executes dropped EXE
        
        PID:380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396699.bat
        43⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        44⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        44⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        44⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        44⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        44⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        44⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        43⤵
        Executes dropped EXE
        
        PID:1032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396715.bat
        44⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        45⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        45⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        45⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        45⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        45⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        45⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        44⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396730.bat
        45⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        46⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        46⤵
        
        PID:692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        46⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        46⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        46⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        46⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        45⤵
        Executes dropped EXE
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396746.bat
        46⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        47⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        47⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        47⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        47⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        47⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        47⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        46⤵
        Executes dropped EXE
        
        PID:1584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396762.bat
        47⤵
        
        PID:336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        48⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        48⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        48⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        48⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        48⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        48⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        47⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396777.bat
        48⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        49⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        49⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        49⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        49⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        49⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        49⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        48⤵
        Executes dropped EXE
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396793.bat
        49⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        50⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        50⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        50⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        50⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        50⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        50⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        49⤵
        Executes dropped EXE
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396824.bat
        50⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        51⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        51⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        51⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        51⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        51⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        51⤵
        Drops file in System32 directory
        
        PID:4648
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        50⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396840.bat
        51⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        52⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        52⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        52⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        52⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        52⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        52⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        51⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396840.bat
        52⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        53⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        53⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        53⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        53⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        53⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        53⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        52⤵
        Executes dropped EXE
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396855.bat
        53⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        54⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        54⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        54⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        54⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        54⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        54⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        53⤵
        Executes dropped EXE
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396871.bat
        54⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        55⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        55⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        55⤵
        
        PID:472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        55⤵
        Drops file in System32 directory
        
        PID:268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        55⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        55⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        54⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396886.bat
        55⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        56⤵
        Drops file in System32 directory
        
        PID:3384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        56⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        56⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        56⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        56⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        56⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        55⤵
        Executes dropped EXE
        
        PID:2156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396902.bat
        56⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        57⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        57⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        57⤵
        
        PID:268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        57⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        57⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        57⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        56⤵
        Executes dropped EXE
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396918.bat
        57⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        58⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        58⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        58⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        58⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        58⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        58⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        57⤵
        Executes dropped EXE
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396933.bat
        58⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        59⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        59⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        59⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        59⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        59⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        59⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        58⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396949.bat
        59⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        60⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        60⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        60⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        60⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        60⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        60⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        59⤵
        Executes dropped EXE
        
        PID:3080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396949.bat
        60⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        61⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        61⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        61⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        61⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        61⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        61⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        60⤵
        Executes dropped EXE
        
        PID:3100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396964.bat
        61⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        62⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        62⤵
        Drops file in System32 directory
        
        PID:3416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        62⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        62⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        62⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        62⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        61⤵
        Executes dropped EXE
        
        PID:3152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396980.bat
        62⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        63⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        63⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        63⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        63⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        63⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        63⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        62⤵
        Executes dropped EXE
        
        PID:3228
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259396996.bat
        63⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        64⤵
        Drops file in System32 directory
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        64⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        64⤵
        
        PID:328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        64⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        64⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        64⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3296
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397011.bat
        64⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        65⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        65⤵
        
        PID:380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        65⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        65⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        65⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        65⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        64⤵
        Executes dropped EXE
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397027.bat
        65⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        66⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        66⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        66⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        66⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        66⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        66⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        65⤵
        Executes dropped EXE
        
        PID:3428
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397042.bat
        66⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        67⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        67⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        67⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        67⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        67⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        67⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        66⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397089.bat
        67⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        68⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        68⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        68⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        68⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        68⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        68⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        67⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397105.bat
        68⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        69⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        69⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        69⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        69⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        69⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        69⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        68⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397120.bat
        69⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        70⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        70⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        70⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        70⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        70⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        70⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        69⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397136.bat
        70⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        71⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        71⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        71⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        71⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        71⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        71⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        70⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397136.bat
        71⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        72⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        72⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        72⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        72⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        72⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        72⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        71⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397152.bat
        72⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        73⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        73⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        73⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        73⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        73⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        73⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        72⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397167.bat
        73⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        74⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        74⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        74⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        74⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        74⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        73⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397183.bat
        74⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        75⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        75⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        75⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        75⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        75⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        75⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        74⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397198.bat
        75⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        76⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        76⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        76⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        76⤵
        
        PID:856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        76⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        76⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        75⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397230.bat
        76⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        77⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        77⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        77⤵
        Views/modifies file attributes
        
        PID:2968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        77⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        77⤵
        
        PID:268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        77⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        76⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397245.bat
        77⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        78⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        78⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        78⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        78⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        78⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        78⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        77⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397261.bat
        78⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        79⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        79⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        79⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        79⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        79⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        79⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        78⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397261.bat
        79⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        80⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        80⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        80⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        80⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        80⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        80⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        79⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397276.bat
        80⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        81⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        81⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        81⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        81⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        81⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        80⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397292.bat
        81⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        82⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        82⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        82⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        82⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        82⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        82⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        81⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397308.bat
        82⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        83⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        83⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        83⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        83⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        83⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        82⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397323.bat
        83⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        84⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        84⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        84⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        84⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        84⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        83⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397354.bat
        84⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        85⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        85⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        85⤵
        
        PID:604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        85⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        85⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        85⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        84⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397370.bat
        85⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        86⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        86⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        86⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        86⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        86⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        86⤵
        
        PID:268
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        85⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397386.bat
        86⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        87⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        87⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        87⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        87⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        87⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        86⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397401.bat
        87⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        88⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        88⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        88⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        88⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        88⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        88⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        87⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397417.bat
        88⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        89⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        89⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        89⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        89⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        89⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        89⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        88⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397432.bat
        89⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        90⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        90⤵
        Views/modifies file attributes
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        90⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        90⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        90⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        90⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        89⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397448.bat
        90⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        91⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        91⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        91⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        91⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        91⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        91⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        90⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397464.bat
        91⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        92⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        92⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        92⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        92⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        92⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        91⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397479.bat
        92⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        93⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        93⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        93⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        93⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        93⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        92⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397495.bat
        93⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        94⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        94⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        94⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        94⤵
        Views/modifies file attributes
        
        PID:4164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        94⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        93⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397510.bat
        94⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        95⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        95⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        95⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        95⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        95⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        94⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397526.bat
        95⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        96⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        96⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        96⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        96⤵
        
        PID:604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        96⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        95⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397542.bat
        96⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        97⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        97⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        97⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        97⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        97⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        96⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397557.bat
        97⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        98⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        98⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        98⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        98⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        98⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        98⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        97⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397573.bat
        98⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        99⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        99⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        99⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        99⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        99⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        98⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397588.bat
        99⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        100⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        100⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        100⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        100⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        100⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        99⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397604.bat
        100⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        101⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        101⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        101⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        101⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        101⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        100⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397620.bat
        101⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        102⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        102⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        102⤵
        
        PID:768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        102⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        102⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        101⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397635.bat
        102⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        103⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        103⤵
        
        PID:992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        103⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        103⤵
        
        PID:768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        103⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        102⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397651.bat
        103⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        104⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        104⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        104⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        104⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        104⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        104⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        103⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397666.bat
        104⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        105⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        105⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        105⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        105⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        105⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        104⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397682.bat
        105⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        106⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        106⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        106⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        106⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        106⤵
        
        PID:768
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        105⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397682.bat
        106⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        107⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        107⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        107⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        107⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        107⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        107⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        106⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397713.bat
        107⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        108⤵
        Drops file in System32 directory
        
        PID:4716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        108⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        108⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        108⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        108⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        107⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397729.bat
        108⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        109⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        109⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        109⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        109⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        109⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        108⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397744.bat
        109⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        110⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        110⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        110⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        110⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        110⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        109⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397760.bat
        110⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        111⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        111⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        111⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        111⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        111⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        110⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397776.bat
        111⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        112⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        112⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        112⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        112⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        112⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        111⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397791.bat
        112⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        113⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        113⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        113⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        113⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        113⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        113⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        112⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397807.bat
        113⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        114⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        114⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        114⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        114⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        114⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        113⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397822.bat
        114⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        115⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        115⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        115⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        115⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        115⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        114⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397838.bat
        115⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        116⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        116⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        116⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        116⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        116⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        116⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        115⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397854.bat
        116⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        117⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        117⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        117⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        117⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        117⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        116⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259397916.bat
        117⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        118⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        118⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        118⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        118⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        118⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        117⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259399055.bat
        118⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        119⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        119⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        119⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        119⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        119⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        118⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259399882.bat
        119⤵
        
        PID:712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        120⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        120⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        120⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        120⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        119⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259401504.bat
        120⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        121⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        121⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        121⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        120⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259402378.bat
        121⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        122⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        122⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        121⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259403111.bat
        122⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        123⤵
        
        PID:856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        123⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        122⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259404406.bat
        123⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ayEZZEZZ1040.exe" -r -a -s -h
        124⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        123⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d2b282ef026d259405061.bat
        124⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\ayEZZEZZ1040.exe
        
        C:\Windows\system32\ayEZZEZZ1040.exe
        124⤵
        
        PID:4712

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1770691453433381114-18313664521588602455563944751252194461088501273-801286574"
1⤵
PID:3012

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3015735552095175337972179139-1952108588-1096731250-15954911831940183515-1132004884"
1⤵
PID:1380

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "561784040-162264202358609210214803548306712585329094692521479280850-1541736011"
1⤵
PID:2704

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1086484641327499379-869152464-13961699611369131119295790104996985618-1873308477"
1⤵
PID:2920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1965118330167637388112316911-1727191005170835397414951272551881583611798311048"
1⤵
PID:2384

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1445933732-5298350475798789041829268751628426883-21183995971751283361-518071465"
1⤵
PID:1940

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-245633796-12330014591730806876-1427182733-1660245122206593186320165117851357846485"
1⤵
PID:1280

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13426622554653664951222733205-2015121868-914522976-297704867860912434-1915242947"
1⤵
PID:1964

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-153223420815338648351163493021770870946-424619311-15347752591902813664-1061452231"
1⤵
PID:2780

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-84248823-1382298436-2017802301795474514625396666-6528570071505991343620247790"
1⤵
PID:1908

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-651477413531506320-309589984-11641714672625681981032176373-16769781731231139859"
1⤵
PID:2228

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-478631625-2175630231843821559-655724034106598371115200359381048303415-1299065195"
1⤵
PID:1012

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1883146117-1230128553-204855598046422344-398389409291405594683281358-1020281773"
1⤵
PID:3056

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1560913206-41553100-839932349458191708352131-647560062-76725731-483778907"
1⤵
PID:2744

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1872557802-2119094706-511622898-387782205-93685951-13953791701899533871-276094196"
1⤵
PID:3228

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-75770967-1773386031-162793798-488513508-1524107831797178205275601330-2004774101"
1⤵
PID:3100

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8380402641106049003-145761973814507765588081741341905563328-19716729072013577752"
1⤵
PID:2724

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-819701053-18186002541882866957158146552415761750991565296106-1184425324-1848594681"
1⤵
PID:2892

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15537426947315927912134181548899853883-753820301400624098-863062723-346001136"
1⤵
PID:3524

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-630212648646455808896089443-759704037776211130636181044560288886-714027675"
1⤵
PID:784

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20335966611436108726-12731964058313713116448230712559368341935478963-762618729"
1⤵
PID:5112

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15017067889902768961327033841861928465153322621716566900811682041582-666553495"
1⤵
PID:3948

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2007021281796530817597639442-20402162651477791871-806312880831909162-126728453"
1⤵
PID:2576

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1284782077-187091010116944833774727163997699191074512602947054688791645659013"
1⤵
PID:4808

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1436992054-97510668582384848-1814746196724652182-6671194862007999327-695586466"
1⤵
PID:4276

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1041938548-1320894391364375386780719267-9183778-20419763941787376107147823588"
1⤵
PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\d2b282ef026d259395482.bat

Filesize
332B

MD5
06618309b98d0c5b95b45e70f844ab42

SHA1
75c5ed9861c5d93d8319334c241f87cc4f807454

SHA256
b68b3f2c245346be5bdc239c3d2ed65344b468da60343326241a4409fa03ce63

SHA512
5c3ff0a3fe9f9520d0ee035f171e7b278f620186f1869af7937a3b766aca04616ee2d081ada266163f6440b197754eab37f8d94049e89d828421f22a7c94b514

Download Submit
C:\d2b282ef026d259395560.bat

Filesize
188B

MD5
1a7a6c10bb7d283bb6a640e03628b57e

SHA1
b36b1090e7e2f26727df2ead78d6d063f2b5c2ef

SHA256
579b852cda40aceb7df498872dbb41e77a395926fcc481c0a758c3df67c9c570

SHA512
00b1055c1342093c515abdb338448e054f0a01ec27d56eae0443c196e9308613a9bef8b5e0943a50feb14a310f481c129e43318305cd21a0c30e486bb0cd362c

Download Submit
\Windows\SysWOW64\ayEZZEZZ1040.exe

Filesize
6KB

MD5
0167f07d17a27ca5b585b4ea8b31c48c

SHA1
72dfc10b896e88199f980fa5bb72021f7766f866

SHA256
eeec18fb099dd4d469bd2bf0f27e49248b47dfb0917ae5a7847574148af949ec

SHA512
96e88eae03ad5b1f4dafc783ff34fa6f069f3be03f69511d1e05964c24009d04f02a5926e35865991b3bbb713e321405c3179dc99e090900495d17ca4d18b8fa

Download Submit