4f83bba9963a2113fed97946434bc62f2cfbd75899307c4e83a559cfa9f1e9d7

Analysis

max time kernel
150s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

266ae677831f1d4c0683030811029f93_JaffaCakes118.exe
Size

167KB
MD5

266ae677831f1d4c0683030811029f93
SHA1

f1611409d9cd0944c8c74276e4496ca0f6c091bf
SHA256

4f83bba9963a2113fed97946434bc62f2cfbd75899307c4e83a559cfa9f1e9d7
SHA512

a3b421560a3d01a47405b6a86e17d966921fb30eb1b8181fdcdd917f3f0d807c48cc38b9b04e3e680fdd3a715d86cc23ad7d99b1f535d1e0d146d1772405d849
SSDEEP

3072:eY7tE473pyAf5WFgh0cg+iEBf1uFZ+DOHUw2tsDCIGSO2KYSmR1:eEK63pT5qm0T+iwuj+eUxKDCRhw1

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\Control Panel\International\Geo\Nation	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe

Executes dropped EXE 6 IoCs

pid	Process
3228	moyy.exe
4456	dsms.exe
3924	ravmsmon.exe
1872	myfins.exe
1844	myfins.exe
4268	myfins.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000002351f-122.dat	upx
behavioral2/memory/4520-126-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/7412-903-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral2/files/0x000900000002354e-890.dat	upx
behavioral2/memory/7412-993-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral2/memory/7412-1025-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral2/memory/4520-1832-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ravmsmon = "C:\\Program Files\\NetMeeting\\ravmsmon.exe"	ravmsmon.exe

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\myfpri.dll	myfins.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File created	C:\Windows\SysWOW64\myfpri.dll	moyy.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\myfpri.dll	myfins.exe
File opened for modification	C:\Windows\SysWOW64\myfins.exe	myfins.exe
File opened for modification	C:\Windows\SysWOW64\myfini.dll	moyy.exe
File opened for modification	C:\Windows\SysWOW64\myfins.exe	moyy.exe
File created	C:\Windows\SysWOW64\myfpri.dll	myfins.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File created	C:\Windows\SysWOW64\myfpri.dll	myfins.exe
File opened for modification	C:\Windows\SysWOW64\myfpri.dll	moyy.exe
File created	C:\Windows\SysWOW64\myfins.exe	moyy.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\myfins.exe	myfins.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\NetMeeting\ravmsmon.exe	dsms.exe
File created	C:\Program Files\NetMeeting\ravmsmon.exe	dsms.exe
File opened for modification	C:\Program Files\NetMeeting\ravmsmon.cfg	ravmsmon.exe
File opened for modification	C:\Program Files\NetMeeting\ravmsmon.dat	ravmsmon.exe
File created	C:\Program Files\NetMeeting\ravmsmon.dat	ravmsmon.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 9 IoCs

pid	pid_target	Process	procid_target
5848	5132	WerFault.exe	248
2492	16292	Process not Found	1614
13076	16596	Process not Found	1627
14696	15024	Process not Found	1646
17284	16216	Process not Found	1789
6256	14124	Process not Found	1802
16504	17088	Process not Found	1720
14636	10244	Process not Found	2306
8480	8132	Process not Found	2623

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32\ = "C:\\Windows\\SysWow64\\myfpri.dll"	myfins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32	myfins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32\ = "C:\\Windows\\SysWow64\\myfpri.dll"	myfins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32\ThreadingModel = "Apartment"	myfins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32	moyy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	moyy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	moyy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}	moyy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32\ = "C:\\Windows\\SysWow64\\myfpri.dll"	moyy.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32\ThreadingModel = "Apartment"	moyy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32	myfins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6562452F-FA36-BA4F-892A-FF5FBBAC5316}\InprocServer32\ThreadingModel = "Apartment"	myfins.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4456	dsms.exe
4456	dsms.exe
4456	dsms.exe
4456	dsms.exe
3924	ravmsmon.exe
3924	ravmsmon.exe
3924	ravmsmon.exe
3924	ravmsmon.exe
3924	ravmsmon.exe
3924	ravmsmon.exe
3228	moyy.exe
3228	moyy.exe
1872	myfins.exe
1872	myfins.exe
1844	myfins.exe
1844	myfins.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1068	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3924	ravmsmon.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 3228	1068	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe	83
PID 1068 wrote to memory of 3228	1068	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe	83
PID 1068 wrote to memory of 3228	1068	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe	83
PID 1068 wrote to memory of 4456	1068	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe	224
PID 1068 wrote to memory of 4456	1068	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe	224
PID 1068 wrote to memory of 4456	1068	266ae677831f1d4c0683030811029f93_JaffaCakes118.exe	224
PID 4456 wrote to memory of 3924	4456	dsms.exe	160
PID 4456 wrote to memory of 3924	4456	dsms.exe	160
PID 4456 wrote to memory of 3924	4456	dsms.exe	160
PID 3228 wrote to memory of 3160	3228	moyy.exe	86
PID 3228 wrote to memory of 3160	3228	moyy.exe	86
PID 3228 wrote to memory of 3160	3228	moyy.exe	86
PID 3924 wrote to memory of 3424	3924	ravmsmon.exe	56
PID 3228 wrote to memory of 1872	3228	moyy.exe	88
PID 3228 wrote to memory of 1872	3228	moyy.exe	88
PID 3228 wrote to memory of 1872	3228	moyy.exe	88
PID 4456 wrote to memory of 4360	4456	dsms.exe	89
PID 4456 wrote to memory of 4360	4456	dsms.exe	89
PID 4456 wrote to memory of 4360	4456	dsms.exe	89
PID 1872 wrote to memory of 4276	1872	myfins.exe	91
PID 1872 wrote to memory of 4276	1872	myfins.exe	91
PID 1872 wrote to memory of 4276	1872	myfins.exe	91
PID 3160 wrote to memory of 4844	3160	cmd.exe	92
PID 3160 wrote to memory of 4844	3160	cmd.exe	92
PID 3160 wrote to memory of 4844	3160	cmd.exe	92
PID 3160 wrote to memory of 4380	3160	cmd.exe	166
PID 3160 wrote to memory of 4380	3160	cmd.exe	166
PID 3160 wrote to memory of 4380	3160	cmd.exe	166
PID 4276 wrote to memory of 3580	4276	cmd.exe	2225
PID 4276 wrote to memory of 3580	4276	cmd.exe	2225
PID 4276 wrote to memory of 3580	4276	cmd.exe	2225
PID 1872 wrote to memory of 1844	1872	myfins.exe	2261
PID 1872 wrote to memory of 1844	1872	myfins.exe	2261
PID 1872 wrote to memory of 1844	1872	myfins.exe	2261
PID 4276 wrote to memory of 264	4276	cmd.exe	2189
PID 4276 wrote to memory of 264	4276	cmd.exe	2189
PID 4276 wrote to memory of 264	4276	cmd.exe	2189
PID 3160 wrote to memory of 4236	3160	cmd.exe	98
PID 3160 wrote to memory of 4236	3160	cmd.exe	98
PID 3160 wrote to memory of 4236	3160	cmd.exe	98
PID 4276 wrote to memory of 2852	4276	cmd.exe	204
PID 4276 wrote to memory of 2852	4276	cmd.exe	204
PID 4276 wrote to memory of 2852	4276	cmd.exe	204
PID 3160 wrote to memory of 2356	3160	cmd.exe	100
PID 3160 wrote to memory of 2356	3160	cmd.exe	100
PID 3160 wrote to memory of 2356	3160	cmd.exe	100
PID 4276 wrote to memory of 792	4276	cmd.exe	101
PID 4276 wrote to memory of 792	4276	cmd.exe	101
PID 4276 wrote to memory of 792	4276	cmd.exe	101
PID 1844 wrote to memory of 3316	1844	myfins.exe	102
PID 1844 wrote to memory of 3316	1844	myfins.exe	102
PID 1844 wrote to memory of 3316	1844	myfins.exe	102
PID 3160 wrote to memory of 1192	3160	cmd.exe	103
PID 3160 wrote to memory of 1192	3160	cmd.exe	103
PID 3160 wrote to memory of 1192	3160	cmd.exe	103
PID 4276 wrote to memory of 3100	4276	cmd.exe	5202
PID 4276 wrote to memory of 3100	4276	cmd.exe	5202
PID 4276 wrote to memory of 3100	4276	cmd.exe	5202
PID 3160 wrote to memory of 2716	3160	cmd.exe	6156
PID 3160 wrote to memory of 2716	3160	cmd.exe	6156
PID 3160 wrote to memory of 2716	3160	cmd.exe	6156
PID 4276 wrote to memory of 2624	4276	cmd.exe	2853
PID 4276 wrote to memory of 2624	4276	cmd.exe	2853
PID 4276 wrote to memory of 2624	4276	cmd.exe	2853

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
7952	Process not Found
14324	Process not Found
16876	Process not Found
7284	Process not Found
6516	Process not Found
11748	Process not Found
10852	Process not Found
1128	Process not Found
12028	Process not Found
16736	Process not Found
5740	Process not Found
4384	Process not Found
9360	Process not Found
8480	Process not Found
16212	Process not Found
7396	Process not Found
9924	Process not Found
7900	Process not Found
2404	Process not Found
964	Process not Found
9432	Process not Found
9260	Process not Found
11032	Process not Found
2832	Process not Found
12932	Process not Found
6040	Process not Found
9712	Process not Found
9940	Process not Found
13532	Process not Found
11284	Process not Found
7136	Process not Found
10152	Process not Found
13272	Process not Found
1476	Process not Found
3092	Process not Found
11500	Process not Found
5300	Process not Found
5820	Process not Found
12040	Process not Found
13244	Process not Found
12700	Process not Found
16596	Process not Found
13060	Process not Found
8028	Process not Found
3484	Process not Found
6612	Process not Found
2268	Process not Found
13972	Process not Found
16812	Process not Found
1004	Process not Found
14784	Process not Found
17252	Process not Found
13092	Process not Found
11112	Process not Found
11944	Process not Found
4372	Process not Found
10196	Process not Found
8548	Process not Found
10712	Process not Found
17140	Process not Found
14692	Process not Found
17388	Process not Found
9184	Process not Found
12784	Process not Found

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3424
- C:\Users\Admin\AppData\Local\Temp\266ae677831f1d4c0683030811029f93_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\266ae677831f1d4c0683030811029f93_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:1068
- - C:\Users\Admin\AppData\Local\Temp\moyy.exe
    "C:\Users\Admin\AppData\Local\Temp\moyy.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\DFD240624921.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3160
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:4844
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:4380
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:4236
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:2356
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:1192
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:2716
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:640
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:4764
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:4340
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:3028
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2440
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2292
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:4484
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:5008
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:4940
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:880
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2616
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:3844
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1184
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:264
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:6164
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:8944
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:10560
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:12640
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:14596
  - - C:\Windows\SysWOW64\myfins.exe
      C:\Windows\system32\myfins.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1872
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625015.bat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4276
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:3580
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:264
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:2852
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:792
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:3100
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:2624
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:696
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2296
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2944
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3404
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:4524
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3436
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:6008
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:8968
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:10796
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:11928
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:13340
    - - C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1844
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625187.bat
        6⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:12972
      - C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        6⤵
        Executes dropped EXE
        
        PID:4268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625265.bat
        7⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:14812
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        7⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625359.bat
        8⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        8⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625437.bat
        9⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:15004
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        9⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625531.bat
        10⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        10⤵
        
        PID:840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625609.bat
        11⤵
        
        PID:3568
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        12⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        11⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625687.bat
        12⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        12⤵
        
        PID:696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625765.bat
        13⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        13⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625906.bat
        14⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        14⤵
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625984.bat
        15⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:14348
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        15⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626078.bat
        16⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:14340
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        16⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626171.bat
        17⤵
        
        PID:456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        17⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626281.bat
        18⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        18⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626375.bat
        19⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:14648
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        19⤵
        
        PID:264
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626468.bat
        20⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        20⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626578.bat
        21⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:15336
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        21⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626671.bat
        22⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        22⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626765.bat
        23⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:13640
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        23⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626859.bat
        24⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:13468
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        24⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626968.bat
        25⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        25⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627140.bat
        26⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:14500
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        26⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627234.bat
        27⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        27⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627328.bat
        28⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        28⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627593.bat
        29⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        29⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627765.bat
        30⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        30⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627937.bat
        31⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        31⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628125.bat
        32⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:14760
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        32⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628281.bat
        33⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:14604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:13872
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        33⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628421.bat
        34⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:13332
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        34⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628515.bat
        35⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        35⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628625.bat
        36⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        36⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628812.bat
        37⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:13948
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        37⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628953.bat
        38⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        38⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629046.bat
        39⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        39⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629156.bat
        40⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        40⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629265.bat
        41⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        41⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629390.bat
        42⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        42⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629500.bat
        43⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        43⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629625.bat
        44⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        44⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629718.bat
        45⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        45⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629812.bat
        46⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        46⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629906.bat
        47⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        47⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630093.bat
        48⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:14828
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        48⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630187.bat
        49⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:14852
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        49⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630296.bat
        50⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        51⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        51⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        51⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        51⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        50⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630375.bat
        51⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        52⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        52⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        52⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        51⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630468.bat
        52⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        53⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        53⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        53⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        52⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630562.bat
        53⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        54⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        54⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        54⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        53⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630687.bat
        54⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        55⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        55⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        55⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        54⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630796.bat
        55⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        56⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        56⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        56⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        56⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        55⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630937.bat
        56⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        57⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        57⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        57⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        57⤵
        
        PID:13468
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        56⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631015.bat
        57⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        58⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        58⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        58⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        57⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631109.bat
        58⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        59⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        59⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        58⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631281.bat
        59⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        60⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        60⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        59⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631390.bat
        60⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        61⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        61⤵
        
        PID:13508
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        60⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631515.bat
        61⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        62⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        62⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        61⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631703.bat
        62⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        63⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        63⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        62⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        63⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631906.bat
        64⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        65⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        65⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        64⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632000.bat
        65⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        66⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        66⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        65⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632140.bat
        66⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        67⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        67⤵
        
        PID:14656
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        66⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632312.bat
        67⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        68⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        68⤵
        
        PID:15192
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        67⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632468.bat
        68⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        69⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        69⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        68⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632562.bat
        69⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        70⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        70⤵
        
        PID:14972
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        69⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632734.bat
        70⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        71⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        71⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        70⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632828.bat
        71⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        72⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        71⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632953.bat
        72⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        73⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        73⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        72⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633125.bat
        73⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        74⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        73⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633265.bat
        74⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        75⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        74⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633375.bat
        75⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        76⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        75⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633531.bat
        76⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        77⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        76⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633609.bat
        77⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        78⤵
        
        PID:13624
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        77⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633718.bat
        78⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        79⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        78⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633828.bat
        79⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        80⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        79⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633953.bat
        80⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        81⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        80⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634062.bat
        81⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        82⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        81⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634265.bat
        82⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        83⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        82⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634437.bat
        83⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        84⤵
        
        PID:14932
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        83⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634578.bat
        84⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        85⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        84⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634796.bat
        85⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        86⤵
        
        PID:14456
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        85⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634921.bat
        86⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        87⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        86⤵
        
        PID:13448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635171.bat
        87⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        88⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        87⤵
        
        PID:14152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635328.bat
        88⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        88⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635500.bat
        89⤵
        
        PID:13668
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        89⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635609.bat
        90⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        90⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635734.bat
        91⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        91⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635906.bat
        92⤵
        
        PID:14200
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        92⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636031.bat
        93⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        93⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636156.bat
        94⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        94⤵
        
        PID:14364
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        95⤵
        
        PID:14752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636500.bat
        96⤵
        
        PID:14964
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        96⤵
        
        PID:15080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636609.bat
        97⤵
        
        PID:15248
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        97⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636890.bat
        98⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        98⤵
        
        PID:14888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240637000.bat
        99⤵
        
        PID:14976
        
        C:\Windows\SysWOW64\myfins.exe
        
        C:\Windows\system32\myfins.exe
        99⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240637125.bat
        100⤵
        
        PID:13428
- - C:\Users\Admin\AppData\Local\Temp\dsms.exe
    "C:\Users\Admin\AppData\Local\Temp\dsms.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4456
  - - C:\Program Files\NetMeeting\ravmsmon.exe
      "C:\Program Files\NetMeeting\ravmsmon.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3924
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\dsms.exe"
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\dhs.exe
    "C:\Users\Admin\AppData\Local\Temp\dhs.exe"
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\wdwd.exe
    "C:\Users\Admin\AppData\Local\Temp\wdwd.exe"
    3⤵
    PID:1576
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\DFD240625562.bat
      4⤵
      PID:2480
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:4708
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:5480
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:5356
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:8536
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:12064
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:13416
  - - C:\Windows\SysWOW64\wddins.exe
      C:\Windows\system32\wddins.exe
      4⤵
      PID:3112
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625656.bat
        5⤵
        
        PID:3964
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1500
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:6352
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:7644
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:11152
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:13184
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:12560
    - - C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        5⤵
        
        PID:1696
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625734.bat
        6⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:14212
      - C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        6⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625812.bat
        7⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        7⤵
        
        PID:880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240625906.bat
        8⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        8⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626000.bat
        9⤵
        
        PID:900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        9⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626093.bat
        10⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        10⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626171.bat
        11⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:15200
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        11⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626281.bat
        12⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:14864
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        12⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626375.bat
        13⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        13⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626484.bat
        14⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:14424
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        14⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626609.bat
        15⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        15⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626718.bat
        16⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:15300
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        16⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626828.bat
        17⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:15132
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        17⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240626937.bat
        18⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        18⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627156.bat
        19⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        19⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627265.bat
        20⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        20⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627421.bat
        21⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:15104
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        21⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627609.bat
        22⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        22⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627750.bat
        23⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        23⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240627875.bat
        24⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        24⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628031.bat
        25⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:13780
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        25⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628156.bat
        26⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        26⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628296.bat
        27⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:13492
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        27⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628406.bat
        28⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        28⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628500.bat
        29⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        29⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628656.bat
        30⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        30⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628781.bat
        31⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        31⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240628859.bat
        32⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        32⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629031.bat
        33⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        33⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629156.bat
        34⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        34⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629265.bat
        35⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:14664
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        35⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629390.bat
        36⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        36⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629546.bat
        37⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        37⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629671.bat
        38⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:14696
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        38⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629781.bat
        39⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        39⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240629875.bat
        40⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        40⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630000.bat
        41⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:15120
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        41⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630109.bat
        42⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        42⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630281.bat
        43⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        43⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630406.bat
        44⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:14784
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        44⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630546.bat
        45⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        45⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630687.bat
        46⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        46⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630875.bat
        47⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        47⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240630953.bat
        48⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:14944
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        48⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631078.bat
        49⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:14984
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        49⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631171.bat
        50⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        51⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        51⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        50⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631265.bat
        51⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        52⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        52⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        51⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631359.bat
        52⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        53⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        53⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        53⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        52⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631453.bat
        53⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        54⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        54⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        53⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631546.bat
        54⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        55⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        55⤵
        
        PID:13736
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        54⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631656.bat
        55⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        56⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        56⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        56⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        55⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631796.bat
        56⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        57⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        57⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        57⤵
        
        PID:15172
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        56⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240631906.bat
        57⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        58⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        58⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        57⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632015.bat
        58⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        59⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        59⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        58⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632109.bat
        59⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        60⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        60⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        59⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632203.bat
        60⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        61⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        61⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        60⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632296.bat
        61⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        62⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        62⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        61⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632453.bat
        62⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        63⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        63⤵
        
        PID:13864
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        62⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632578.bat
        63⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        64⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        64⤵
        
        PID:14292
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        63⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632687.bat
        64⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        65⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        65⤵
        
        PID:14232
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        64⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632828.bat
        65⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        66⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        65⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240632953.bat
        66⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        67⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        66⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633109.bat
        67⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        68⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        67⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633250.bat
        68⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        69⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        68⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633390.bat
        69⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        70⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        69⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633515.bat
        70⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        71⤵
        
        PID:13500
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        70⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633640.bat
        71⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        72⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        71⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633828.bat
        72⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        73⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        72⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240633953.bat
        73⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        74⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        73⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634109.bat
        74⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        75⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        74⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634265.bat
        75⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        76⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        75⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634375.bat
        76⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        77⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        76⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634546.bat
        77⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        78⤵
        
        PID:13440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        78⤵
        
        PID:15284
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        77⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634718.bat
        78⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        79⤵
        
        PID:15032
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        78⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240634843.bat
        79⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        80⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        79⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635031.bat
        80⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        81⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        80⤵
        
        PID:13704
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635140.bat
        81⤵
        
        PID:13824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        82⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        81⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635234.bat
        82⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        82⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635453.bat
        83⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        83⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635562.bat
        84⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        84⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240635750.bat
        85⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        85⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636015.bat
        86⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        86⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636203.bat
        87⤵
        
        PID:14388
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        87⤵
        
        PID:14488
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636328.bat
        88⤵
        
        PID:14640
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        88⤵
        
        PID:14744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636437.bat
        89⤵
        
        PID:14844
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        89⤵
        
        PID:14924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636562.bat
        90⤵
        
        PID:15160
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        90⤵
        
        PID:15232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636718.bat
        91⤵
        
        PID:13724
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        91⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636843.bat
        92⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        92⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240636984.bat
        93⤵
        
        PID:14904
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        93⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\DFD240637093.bat
        94⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\wddins.exe
        
        C:\Windows\system32\wddins.exe
        94⤵
        
        PID:14308
- - C:\Users\Admin\AppData\Local\Temp\mhlan.exe
    "C:\Users\Admin\AppData\Local\Temp\mhlan.exe"
    3⤵
    PID:5132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 328
      4⤵
      Program crash
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\xhzt.exe
    "C:\Users\Admin\AppData\Local\Temp\xhzt.exe"
    3⤵
    PID:5152
  - - C:\Program Files\NetMeeting\ravztmon.exe
      "C:\Program Files\NetMeeting\ravztmon.exe"
      4⤵
      PID:5328
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\xhzt.exe"
      4⤵
      PID:5636
- - C:\Users\Admin\AppData\Local\Temp\xhjh.exe
    "C:\Users\Admin\AppData\Local\Temp\xhjh.exe"
    3⤵
    PID:5540
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat" "
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\qqmm.exe
    "C:\Users\Admin\AppData\Local\Temp\qqmm.exe"
    3⤵
    PID:7412
- - C:\Users\Admin\AppData\Local\Temp\close.exe
    "C:\Users\Admin\AppData\Local\Temp\close.exe"
    3⤵
    PID:14992
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\d7cddma.bat
      4⤵
      PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5132 -ip 5132
1⤵
PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DFD240624921.bat

Filesize
176B

MD5
2afeebcd2748d7fe6a9deb1ef8f83046

SHA1
4bddd82d8955f53a4a8ca922286e02858dbe1eda

SHA256
c0348f6f1c884212db58ebedf50a1f852712366063e5e8c3ae9701b0b4f7e731

SHA512
457f362c884681eb306f6c8718abfdc468eb2598ef46a9740381cb89919ffdd34f5e2fe15967eee3559de493f12d5abb6959accc395037f3f8e15e06f13446cd

Download Submit
C:\DFD240633953.bat

Filesize
352B

MD5
511039527f76d2b58fb39e15c1f877c8

SHA1
a9e06144f393b611adcbda91c4287a8c46b49868

SHA256
9eacba148fa6253dc6eef365404c767bf7acd4144b831c7121785ae5fa3cd590

SHA512
3359b059b7c2dd25fb02d35ae4489b68722c1005dbea4e01bcebf065cf766c04923a57620dd3d0c149da8b2391e98d4d478fdc93574b6d9974ce177f3f8ed993

Download Submit
C:\DFD240640109.bat

Filesize
170B

MD5
8f050cb9f1d3d15d6ef01a70a1dcbfad

SHA1
8e51d54c2b10db34910ebca1bafd334c54c3a983

SHA256
81e51364b2af48d17284d53754d92fe5c4a9814488794a31ada31b61c99e12bf

SHA512
7555c2cd3a50bfa9e4c0c186c8f15718b37e1d0e6ae59139f4e1c48932aaf06bb4ca9ee6aa81c2abb1507009088a48cb3777f9be0a756a7de6cb4a9960120813

Download Submit
C:\DFD240645062.bat

Filesize
170B

MD5
80256076efa5044f4b19c2f93dd40100

SHA1
b20d8102d1b382b68293fc7bbc223e993b66d8f7

SHA256
bd6f2f48d196cc6a256f223c29cac1b263a2865936fa6216caf69d148df51bf6

SHA512
acd2ca208ebdf3bee1c57a5cf677fa1118bf2a9fadfbf42c70bdbe139d93c330a7598a6b73eec168b40f44ccaa25e6ad42625e22e22d0aaa776909419c0d921b

Download Submit
C:\Users\Admin\AppData\Local\Temp\close.exe

Filesize
11KB

MD5
6d1a4d42abb451559c627c3b66e2fa2c

SHA1
9525f92f0f0735a11e352d38ec0c3857a1f5eac5

SHA256
b4b2c2dbbdc744a95f6ffff624c18abdcc706d554a1fbc3e5a7ad825b6e1277e

SHA512
8a599f55c3cff3f1c04d1793c28bab695a6189c57eb7ca757689de3a5e43c56ec2d09ce4a1cee837b3667080590b6a834ae16a2586d350a9cb8fc4fcfc84dd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dhs.exe

Filesize
14KB

MD5
9448daae0ee4794053bb5931cf20fa76

SHA1
911b0264a16ee82ca0a4117e8f1bd434cf52ad15

SHA256
310f759c97ceecb3f9973c2d57739c9a6a118a479b19b14ec73ebaadb9f10494

SHA512
24866e42c68f9626cf802307b78f5b202d15076ddbe6e55137bc715b137200add06bc05c69a5b6e7c005d290572fe73e467a04aa4b7b605023b5d24bab232589

Download Submit
C:\Users\Admin\AppData\Local\Temp\dsms.exe

Filesize
14KB

MD5
d66b6527018832095f5ad2ce4f64c451

SHA1
607117703a0e4594edfa455ad43c64f9220d9021

SHA256
2e40a32b60b91a2da8152f87d4be079c123f4522ec7598f606965600ec4de7fa

SHA512
990bc42430296561c44ba51e39b79307434edc5ab9aba1802e02fc7bf2753f36cb2585ccc2c9cde6680380416457d031f3919f92b5a8aa30b8ceb83d59a1a080

Download Submit
C:\Users\Admin\AppData\Local\Temp\mhlan.dat

Filesize
19KB

MD5
9a3e1546336a37b0cf72189f61012d76

SHA1
f728cffda03c44ce1efcb6c98934ce8bd5e2eb8d

SHA256
7a30c05be5bf9a7b937327653b4b8049d64ed18ae6feeab8f2608ef253eeebfc

SHA512
6f33735be0f6ab098bfb9e1f7a56343dc0295a43360b2cec3a096281006a11db1cb4a140093be4543658f1c9d18fb7be28977097fcb3759894f563c1010b81f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mhlan.exe

Filesize
23KB

MD5
8c738929713fdeb497212fb037a05ab7

SHA1
84c220c8d2353b504b9310890e1e0185b694942d

SHA256
a3b0724ae5253ab005532b83f7991c81792d628f9e7bca6d4865e8d85fa3d230

SHA512
be46fedea8bdcb4f2971ad25ce3fafc1c4bdda0ae4920c7c6c87e19dcff0e70810ba8cbd398ba32ae6ce0ce3f646be856cf0b97910a13641e0e624674f86f66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\moyy.exe

Filesize
12KB

MD5
ba588978426c25550fae3ca82ad2a5bf

SHA1
e73b6189010cda79544058e4d7297eb01cc4ba3a

SHA256
ae103495b5001bf70dea7d4e0a731194f8ab481385a994e669be1ab6639f863a

SHA512
309a6c2608925523e9adba2f417cf78ad29dfe25fb173051080a77f6e30e7f62fe6d8a48ecae7c752189e7deb79a93ee6bcbc7edd1135a1fc4c507d20830ce2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qqmm.exe

Filesize
32KB

MD5
87381443c06a20d660718af05a2a8d58

SHA1
16239399b1a791b3185c00c9f219da8e2942227f

SHA256
d6f25ca4cecb633e2ab96cb4f456f639845ff06cb23767054f6a0cbc616168b0

SHA512
af64371c32a9bb8eff09b2498042adc1d844062941945d48cb281ce3710d241e59d158f3e749e958260a1cd1e9e4671d4d65f00b45a289fa27f1e51451972fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wdwd.exe

Filesize
10KB

MD5
d31cac02e223012dd33103f848389491

SHA1
3ac00c86790282a8581d4834f3ced0f4f1c0fa68

SHA256
4f8ff5179e21df85f9e638967ab7673e69816bd2e47428c87053941b1e5830a8

SHA512
3989d25eb8b4fc160714e4f5b48a1bda76490ca5e0dac9af62540f10100ce87f22789275d98a51dbef13c315e2190e5d122d6079c73322ca05b5bcb81cbc17ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\xhjh.exe

Filesize
14KB

MD5
3d5baba93ea1e9e868c2fbcd4e9db652

SHA1
40552f580d840a0100fe00c7aaf6eec62ad6e185

SHA256
515d86ae71ba6d92b769640308f55212e1766b194238d796831db463668f1fd0

SHA512
c4cb98d7e496cb4625dc623a15ea1bc0c31d364e21a7af581f9272b0be80009db65666cbc59f60648061a7a2904dd5716264dad3662bacf31a3ada2f692916a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\xhzt.exe

Filesize
17KB

MD5
d29b1f009cbe88223dc947621ee37c7a

SHA1
3d75e2352d61866308c014fafa9ab06e7ce23a80

SHA256
1716f52e91888678cc85cb4784e7b56f4d5ee1108a7a48ec7eeea32154a9e530

SHA512
51ad30c185a473923ef49a33c3fce1bceeb6f59549811e30fa6a3d63c722b4058ce16f917c487cb3f8618f71f3f0bcf5fc8b208d88e4acff8a3e869f49dffc44

Download Submit
C:\Windows\SysWOW64\myfini.dll

Filesize
50B

MD5
a6353481141d546e45aed17d965161d0

SHA1
751a8c4e7c2ad9dda7cf76c7a5d700fa762f95ec

SHA256
a501c9b2235f2c60dfedc873f79988547dac891d213947da05ae2c6408ce0bed

SHA512
57028775a4b428e3ca907739301c30394288d299e625474b7376e365eb6e6dc2e4fc8842f46367fbc4533f52986443927a660c082d6f1aee7dc6bfb0a53499bd

Download Submit
C:\Windows\SysWOW64\myfpri.dll

Filesize
20KB

MD5
47ee49ff885c866120e956608222c4e5

SHA1
c09f8dc68a18e020516a0b631a5fecfeb222ec79

SHA256
6c70df0332d5f6c32e1be4aa0beb7be30e046685a3e9a00bce675ab0b8d0a1b7

SHA512
97acf198d11c75d864754bf0a262762c3c75aad06a1a57d8df4238cb8d3611b288cc42090a77c03307c43a3fe1cc8711517e25232a155c6641fea66f42495374

Download Submit
C:\Windows\SysWOW64\wdcini.dll

Filesize
48B

MD5
f43bfa8f2ddd49ab6974cb32250aa991

SHA1
95c30853e616432929454f1ddbd1b6603127acab

SHA256
554708da336745b2b3ed1b0e35727ab3c41bda40df311f4c1c2e5869718d53bd

SHA512
45a60a85dbf2eb664cb24357bf0302f25d9680340c19c88d7c131644d4ef7e27385cdea6c4a34def205e3dda38c48530388388b689be776cd78f81134217b701

Download Submit
C:\Windows\SysWOW64\wddpri.dll

Filesize
16KB

MD5
7945c425c11ff1bb537c5239a51bb820

SHA1
1b09d8cb50ae52a0ee3e85474ef9e88dc4da2fe8

SHA256
26bafbafbdae21ca84c54cce47278d7570f78dd4392b9a4f252d02f98bbc4abc

SHA512
47da046a8e9a75ed07761258df30481754cea84e746c65c3e21ebc36c68e2b569582c70db98bea6dad0d1f3b4b3ad7b0d75b1bfbdda82f8e5839a01c291aa384

Download Submit
memory/644-264-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1068-144-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1068-2857-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download
memory/1068-2674-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1068-2858-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1068-1685-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download
memory/1068-1684-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1068-160-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/1068-0-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1068-1-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/1576-127-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1576-290-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1696-199-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1844-59-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1872-198-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3112-161-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3228-175-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3228-18-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3424-611-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/3424-612-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/3424-614-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/3452-291-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4520-1832-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4520-126-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4520-1837-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download
memory/5132-418-0x0000000010010000-0x0000000010021000-memory.dmp

Filesize
68KB

Download
memory/5280-562-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5456-2841-0x0000000000800000-0x000000000085A000-memory.dmp

Filesize
360KB

Download
memory/5692-2618-0x0000000076770000-0x0000000076910000-memory.dmp

Filesize
1.6MB

Download
memory/6180-581-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/6564-2656-0x0000000000800000-0x000000000085A000-memory.dmp

Filesize
360KB

Download
memory/7412-903-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/7412-993-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/7412-1025-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/9128-982-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/10400-2755-0x00000000741F0000-0x0000000074217000-memory.dmp

Filesize
156KB

Download
memory/11052-2652-0x00007FFF9DA70000-0x00007FFF9DC65000-memory.dmp

Filesize
2.0MB

Download
memory/11928-2548-0x00007FFF9DA70000-0x00007FFF9DC65000-memory.dmp

Filesize
2.0MB

Download
memory/11948-2429-0x0000000076160000-0x000000007621F000-memory.dmp

Filesize
764KB

Download
memory/11992-2700-0x00007FFF9D290000-0x00007FFF9D2E9000-memory.dmp

Filesize
356KB

Download
memory/12040-2517-0x00007FFF9DA70000-0x00007FFF9DC65000-memory.dmp

Filesize
2.0MB

Download
memory/14236-2470-0x0000000000980000-0x0000000000989000-memory.dmp

Filesize
36KB

Download
memory/15736-2577-0x00007FFF9DA70000-0x00007FFF9DC65000-memory.dmp

Filesize
2.0MB

Download
memory/15748-2544-0x0000000076160000-0x000000007621F000-memory.dmp

Filesize
764KB

Download
memory/16408-2545-0x0000000077B80000-0x0000000077B8A000-memory.dmp

Filesize
40KB

Download
memory/16480-2458-0x0000000000980000-0x0000000000989000-memory.dmp

Filesize
36KB

Download
memory/16596-2414-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/17080-2430-0x00007FFF9DA70000-0x00007FFF9DC65000-memory.dmp

Filesize
2.0MB

Download
memory/17096-2431-0x0000000076160000-0x000000007621F000-memory.dmp

Filesize
764KB

Download
memory/17180-2403-0x00007FFF9DA70000-0x00007FFF9DC65000-memory.dmp

Filesize
2.0MB

Download
memory/17296-2549-0x0000000000800000-0x000000000085A000-memory.dmp

Filesize
360KB

Download