9a8054a1fd36c9ce69b388a6c6efbaa48453e9fa32c173e5ba0a463b25f76d32

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe
Size

3KB
MD5

24868955b522456ac6c303097b17f8b8
SHA1

4bc4575765aa65ff70c011aaa9693dc871ab717b
SHA256

9a8054a1fd36c9ce69b388a6c6efbaa48453e9fa32c173e5ba0a463b25f76d32
SHA512

8bb873967dbc03e5986ecefe964e2647e6bafc813eb3c206ed339279507cd78f48f0395473cc3adc1cb05bd7ce49c58862813e13f2c2f32f92e4aebb0f95b84b

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2108	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
1452	txRJHRJH1021.exe
2640	txRJHRJH1021.exe
2636	txRJHRJH1021.exe
2772	txRJHRJH1021.exe
2544	txRJHRJH1021.exe
1816	txRJHRJH1021.exe
2952	txRJHRJH1021.exe
1988	txRJHRJH1021.exe
2024	txRJHRJH1021.exe
668	txRJHRJH1021.exe
2492	txRJHRJH1021.exe
2692	txRJHRJH1021.exe
1536	txRJHRJH1021.exe
1276	txRJHRJH1021.exe
1148	txRJHRJH1021.exe
2044	txRJHRJH1021.exe
1244	txRJHRJH1021.exe
2792	txRJHRJH1021.exe
2548	txRJHRJH1021.exe
2400	txRJHRJH1021.exe
2868	txRJHRJH1021.exe
2552	txRJHRJH1021.exe
2364	txRJHRJH1021.exe
2440	txRJHRJH1021.exe
2900	txRJHRJH1021.exe
1612	txRJHRJH1021.exe
2892	txRJHRJH1021.exe
2832	txRJHRJH1021.exe
2884	txRJHRJH1021.exe
1772	txRJHRJH1021.exe
2984	txRJHRJH1021.exe
2052	txRJHRJH1021.exe
300	txRJHRJH1021.exe
2908	txRJHRJH1021.exe
2284	txRJHRJH1021.exe
2276	txRJHRJH1021.exe
1532	txRJHRJH1021.exe
2372	txRJHRJH1021.exe
292	txRJHRJH1021.exe
3004	txRJHRJH1021.exe
2668	txRJHRJH1021.exe
2836	txRJHRJH1021.exe
2248	txRJHRJH1021.exe
2052	txRJHRJH1021.exe
2908	txRJHRJH1021.exe
1756	txRJHRJH1021.exe
1936	txRJHRJH1021.exe
1964	txRJHRJH1021.exe
3044	txRJHRJH1021.exe
2012	txRJHRJH1021.exe
1748	txRJHRJH1021.exe
2112	txRJHRJH1021.exe
1960	txRJHRJH1021.exe
2552	txRJHRJH1021.exe
2276	txRJHRJH1021.exe
1936	txRJHRJH1021.exe
2284	txRJHRJH1021.exe
1960	txRJHRJH1021.exe
3084	txRJHRJH1021.exe
3140	txRJHRJH1021.exe
3200	txRJHRJH1021.exe
3272	txRJHRJH1021.exe
3328	txRJHRJH1021.exe
3388	txRJHRJH1021.exe

Loads dropped DLL 64 IoCs

pid	Process
2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe
2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe
1452	txRJHRJH1021.exe
1452	txRJHRJH1021.exe
2640	txRJHRJH1021.exe
2640	txRJHRJH1021.exe
2636	txRJHRJH1021.exe
2636	txRJHRJH1021.exe
2772	txRJHRJH1021.exe
2772	txRJHRJH1021.exe
2544	txRJHRJH1021.exe
2544	txRJHRJH1021.exe
1816	txRJHRJH1021.exe
1816	txRJHRJH1021.exe
2952	txRJHRJH1021.exe
2952	txRJHRJH1021.exe
1988	txRJHRJH1021.exe
1988	txRJHRJH1021.exe
2024	txRJHRJH1021.exe
2024	txRJHRJH1021.exe
668	txRJHRJH1021.exe
668	txRJHRJH1021.exe
2492	txRJHRJH1021.exe
2492	txRJHRJH1021.exe
2692	txRJHRJH1021.exe
2692	txRJHRJH1021.exe
1536	txRJHRJH1021.exe
1536	txRJHRJH1021.exe
1276	txRJHRJH1021.exe
1276	txRJHRJH1021.exe
1148	txRJHRJH1021.exe
1148	txRJHRJH1021.exe
2044	txRJHRJH1021.exe
2044	txRJHRJH1021.exe
1244	txRJHRJH1021.exe
1244	txRJHRJH1021.exe
2792	txRJHRJH1021.exe
2792	txRJHRJH1021.exe
2548	txRJHRJH1021.exe
2548	txRJHRJH1021.exe
2400	txRJHRJH1021.exe
2400	txRJHRJH1021.exe
2868	txRJHRJH1021.exe
2868	txRJHRJH1021.exe
2552	txRJHRJH1021.exe
2552	txRJHRJH1021.exe
2364	txRJHRJH1021.exe
2364	txRJHRJH1021.exe
2440	txRJHRJH1021.exe
2440	txRJHRJH1021.exe
2900	txRJHRJH1021.exe
2900	txRJHRJH1021.exe
1612	txRJHRJH1021.exe
1612	txRJHRJH1021.exe
2892	txRJHRJH1021.exe
2892	txRJHRJH1021.exe
2832	txRJHRJH1021.exe
2832	txRJHRJH1021.exe
2884	txRJHRJH1021.exe
2884	txRJHRJH1021.exe
1772	txRJHRJH1021.exe
1772	txRJHRJH1021.exe
2984	txRJHRJH1021.exe
2984	txRJHRJH1021.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2108	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	28
PID 2408 wrote to memory of 2108	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	28
PID 2408 wrote to memory of 2108	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	28
PID 2408 wrote to memory of 2108	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	28
PID 2408 wrote to memory of 1452	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	30
PID 2408 wrote to memory of 1452	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	30
PID 2408 wrote to memory of 1452	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	30
PID 2408 wrote to memory of 1452	2408	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	30
PID 1452 wrote to memory of 2652	1452	txRJHRJH1021.exe	31
PID 1452 wrote to memory of 2652	1452	txRJHRJH1021.exe	31
PID 1452 wrote to memory of 2652	1452	txRJHRJH1021.exe	31
PID 1452 wrote to memory of 2652	1452	txRJHRJH1021.exe	31
PID 1452 wrote to memory of 2640	1452	txRJHRJH1021.exe	32
PID 1452 wrote to memory of 2640	1452	txRJHRJH1021.exe	32
PID 1452 wrote to memory of 2640	1452	txRJHRJH1021.exe	32
PID 1452 wrote to memory of 2640	1452	txRJHRJH1021.exe	32
PID 2640 wrote to memory of 2252	2640	txRJHRJH1021.exe	34
PID 2640 wrote to memory of 2252	2640	txRJHRJH1021.exe	34
PID 2640 wrote to memory of 2252	2640	txRJHRJH1021.exe	34
PID 2640 wrote to memory of 2252	2640	txRJHRJH1021.exe	34
PID 2640 wrote to memory of 2636	2640	txRJHRJH1021.exe	35
PID 2640 wrote to memory of 2636	2640	txRJHRJH1021.exe	35
PID 2640 wrote to memory of 2636	2640	txRJHRJH1021.exe	35
PID 2640 wrote to memory of 2636	2640	txRJHRJH1021.exe	35
PID 2636 wrote to memory of 2808	2636	txRJHRJH1021.exe	38
PID 2636 wrote to memory of 2808	2636	txRJHRJH1021.exe	38
PID 2636 wrote to memory of 2808	2636	txRJHRJH1021.exe	38
PID 2636 wrote to memory of 2808	2636	txRJHRJH1021.exe	38
PID 2108 wrote to memory of 1712	2108	cmd.exe	37
PID 2108 wrote to memory of 1712	2108	cmd.exe	37
PID 2108 wrote to memory of 1712	2108	cmd.exe	37
PID 2108 wrote to memory of 1712	2108	cmd.exe	37
PID 2636 wrote to memory of 2772	2636	txRJHRJH1021.exe	39
PID 2636 wrote to memory of 2772	2636	txRJHRJH1021.exe	39
PID 2636 wrote to memory of 2772	2636	txRJHRJH1021.exe	39
PID 2636 wrote to memory of 2772	2636	txRJHRJH1021.exe	39
PID 2772 wrote to memory of 2528	2772	txRJHRJH1021.exe	41
PID 2772 wrote to memory of 2528	2772	txRJHRJH1021.exe	41
PID 2772 wrote to memory of 2528	2772	txRJHRJH1021.exe	41
PID 2772 wrote to memory of 2528	2772	txRJHRJH1021.exe	41
PID 2252 wrote to memory of 1460	2252	cmd.exe	44
PID 2252 wrote to memory of 1460	2252	cmd.exe	44
PID 2252 wrote to memory of 1460	2252	cmd.exe	44
PID 2252 wrote to memory of 1460	2252	cmd.exe	44
PID 2772 wrote to memory of 2544	2772	txRJHRJH1021.exe	42
PID 2772 wrote to memory of 2544	2772	txRJHRJH1021.exe	42
PID 2772 wrote to memory of 2544	2772	txRJHRJH1021.exe	42
PID 2772 wrote to memory of 2544	2772	txRJHRJH1021.exe	42
PID 2544 wrote to memory of 3048	2544	txRJHRJH1021.exe	45
PID 2544 wrote to memory of 3048	2544	txRJHRJH1021.exe	45
PID 2544 wrote to memory of 3048	2544	txRJHRJH1021.exe	45
PID 2544 wrote to memory of 3048	2544	txRJHRJH1021.exe	45
PID 2544 wrote to memory of 1816	2544	txRJHRJH1021.exe	46
PID 2544 wrote to memory of 1816	2544	txRJHRJH1021.exe	46
PID 2544 wrote to memory of 1816	2544	txRJHRJH1021.exe	46
PID 2544 wrote to memory of 1816	2544	txRJHRJH1021.exe	46
PID 1816 wrote to memory of 3028	1816	txRJHRJH1021.exe	50
PID 1816 wrote to memory of 3028	1816	txRJHRJH1021.exe	50
PID 1816 wrote to memory of 3028	1816	txRJHRJH1021.exe	50
PID 1816 wrote to memory of 3028	1816	txRJHRJH1021.exe	50
PID 2528 wrote to memory of 2868	2528	cmd.exe	49
PID 2528 wrote to memory of 2868	2528	cmd.exe	49
PID 2528 wrote to memory of 2868	2528	cmd.exe	49
PID 2528 wrote to memory of 2868	2528	cmd.exe	49

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
11872	Process not Found
9192	Process not Found
17824	Process not Found
1036	attrib.exe
11304	Process not Found
14820	Process not Found
14324	Process not Found
9392	Process not Found
10960	Process not Found
10028	Process not Found
12676	Process not Found
12544	Process not Found
13400	Process not Found
13172	Process not Found
8160	Process not Found
4288	attrib.exe
5252	Process not Found
11436	Process not Found
10476	Process not Found
15296	Process not Found
15592	Process not Found
10280	Process not Found
9824	Process not Found
5192	Process not Found
10492	Process not Found
9328	Process not Found
5204	Process not Found
12120	Process not Found
14852	Process not Found
10168	Process not Found
13240	Process not Found
11136	Process not Found
11228	Process not Found
5388	Process not Found
11436	Process not Found
10268	Process not Found
10672	Process not Found
11348	Process not Found
12584	Process not Found
13940	Process not Found
4528	Process not Found
11912	Process not Found
292	Process not Found
15664	Process not Found
11296	Process not Found
2116	Process not Found
17280	Process not Found
13372	Process not Found
9924	Process not Found
8924	Process not Found
15264	Process not Found
11784	Process not Found
11584	Process not Found
11032	Process not Found
6976	Process not Found
12388	Process not Found
1288	attrib.exe
4620	attrib.exe
15124	Process not Found
15440	Process not Found
6216	Process not Found
17384	Process not Found
12108	Process not Found
13452	Process not Found

C:\Users\Admin\AppData\Local\Temp\24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\b3b4f3ed7898259399866.bat
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe" -r -a -s -h
    3⤵
    PID:1712
- C:\Windows\SysWOW64\txRJHRJH1021.exe
  C:\Windows\system32\txRJHRJH1021.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1452
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\b3b4f3ed7898259399928.bat
    3⤵
    PID:2652
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2552
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2280
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2244
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2312
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:968
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2628
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:3388
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:3220
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:2212
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:5076
- - C:\Windows\SysWOW64\txRJHRJH1021.exe
    C:\Windows\system32\txRJHRJH1021.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\b3b4f3ed7898259399944.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2252
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:1460
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:2248
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:1248
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:2380
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:2992
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:1768
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:1668
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:2384
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:2100
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:4924
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:4320
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:3512
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:2020
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:5044
  - - C:\Windows\SysWOW64\txRJHRJH1021.exe
      C:\Windows\system32\txRJHRJH1021.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259399960.bat
        5⤵
        
        PID:2808
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:2856
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:1288
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:2268
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:2416
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:2860
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:644
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:2372
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:2508
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:4372
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:4184
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:4036
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:4240
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:4980
    - - C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2772
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259399975.bat
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:4480
      - C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400006.bat
        7⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        Views/modifies file attributes
        
        PID:1288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400022.bat
        8⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400022.bat
        9⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400038.bat
        10⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400069.bat
        11⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400116.bat
        12⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2492
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400147.bat
        13⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400209.bat
        14⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400303.bat
        15⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400303.bat
        16⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400318.bat
        17⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400334.bat
        18⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400365.bat
        19⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400381.bat
        20⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400506.bat
        21⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400693.bat
        22⤵
        
        PID:288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259400864.bat
        23⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401036.bat
        24⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        Drops file in System32 directory
        
        PID:4744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401239.bat
        25⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:760
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401410.bat
        26⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401551.bat
        27⤵
        
        PID:404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401582.bat
        28⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        Views/modifies file attributes
        
        PID:4288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:620
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401598.bat
        29⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401613.bat
        30⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401629.bat
        31⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401660.bat
        32⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        Drops file in System32 directory
        
        PID:2380
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401676.bat
        33⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        33⤵
        Executes dropped EXE
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401676.bat
        34⤵
        
        PID:836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        34⤵
        Executes dropped EXE
        
        PID:300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401691.bat
        35⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        35⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401722.bat
        36⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        36⤵
        Executes dropped EXE
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401754.bat
        37⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        37⤵
        Executes dropped EXE
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401769.bat
        38⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        38⤵
        Executes dropped EXE
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401785.bat
        39⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        39⤵
        Executes dropped EXE
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401816.bat
        40⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        40⤵
        Executes dropped EXE
        
        PID:292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401847.bat
        41⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        41⤵
        Executes dropped EXE
        
        PID:3004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401863.bat
        42⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        42⤵
        Executes dropped EXE
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401878.bat
        43⤵
        
        PID:808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        43⤵
        Executes dropped EXE
        
        PID:2836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401878.bat
        44⤵
        
        PID:480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        44⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401894.bat
        45⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        45⤵
        Executes dropped EXE
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401910.bat
        46⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        46⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401941.bat
        47⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:292
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        47⤵
        Executes dropped EXE
        
        PID:1756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401956.bat
        48⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        48⤵
        Executes dropped EXE
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401972.bat
        49⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        49⤵
        Executes dropped EXE
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259401988.bat
        50⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        50⤵
        Executes dropped EXE
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402019.bat
        51⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        Views/modifies file attributes
        
        PID:4620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        51⤵
        Executes dropped EXE
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402034.bat
        52⤵
        
        PID:784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        52⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402050.bat
        53⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        53⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402066.bat
        54⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        54⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402097.bat
        55⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        55⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402112.bat
        56⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        56⤵
        Executes dropped EXE
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402128.bat
        57⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        57⤵
        Executes dropped EXE
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402144.bat
        58⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        58⤵
        Executes dropped EXE
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402159.bat
        59⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        59⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402175.bat
        60⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        60⤵
        Executes dropped EXE
        
        PID:3084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402190.bat
        61⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        61⤵
        Executes dropped EXE
        
        PID:3140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402206.bat
        62⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        62⤵
        Executes dropped EXE
        
        PID:3200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402222.bat
        63⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        63⤵
        Executes dropped EXE
        
        PID:3272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402253.bat
        64⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        64⤵
        Executes dropped EXE
        
        PID:3328
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402268.bat
        65⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        65⤵
        Executes dropped EXE
        
        PID:3388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402284.bat
        66⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        66⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402300.bat
        67⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        67⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402315.bat
        68⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        68⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402331.bat
        69⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        69⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402362.bat
        70⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        Drops file in System32 directory
        
        PID:3172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        70⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402378.bat
        71⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        71⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402409.bat
        72⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        72⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402424.bat
        73⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        73⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402440.bat
        74⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        74⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402456.bat
        75⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        75⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402471.bat
        76⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        76⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402487.bat
        77⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        77⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402502.bat
        78⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        78⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402518.bat
        79⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        79⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402534.bat
        80⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        80⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402549.bat
        81⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        81⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402565.bat
        82⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        Drops file in System32 directory
        
        PID:3296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        Drops file in System32 directory
        
        PID:4172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        82⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402580.bat
        83⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        83⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402596.bat
        84⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        Drops file in System32 directory
        
        PID:2220
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        84⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402612.bat
        85⤵
        
        PID:604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        85⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402627.bat
        86⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        86⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402643.bat
        87⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        87⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402674.bat
        88⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        88⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402690.bat
        89⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        89⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402721.bat
        90⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        90⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402736.bat
        91⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        91⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402768.bat
        92⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        92⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402783.bat
        93⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        93⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402799.bat
        94⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        94⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402814.bat
        95⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        95⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402830.bat
        96⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        Views/modifies file attributes
        
        PID:1036
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        96⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402846.bat
        97⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        97⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402861.bat
        98⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        98⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402877.bat
        99⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        99⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402892.bat
        100⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        100⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402908.bat
        101⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        101⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402939.bat
        102⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        Drops file in System32 directory
        
        PID:4300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        102⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402955.bat
        103⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        Drops file in System32 directory
        
        PID:4248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        
        PID:536
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        103⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402970.bat
        104⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        Drops file in System32 directory
        
        PID:4528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        Drops file in System32 directory
        
        PID:4008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        
        PID:620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        104⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259402986.bat
        105⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        106⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        106⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        106⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        106⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        106⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        105⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403017.bat
        106⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        107⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        107⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        107⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        107⤵
        
        PID:292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        107⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        106⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403033.bat
        107⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        108⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        108⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        108⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        108⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        108⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        107⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403048.bat
        108⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        108⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403064.bat
        109⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        110⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        110⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        110⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        110⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        110⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        109⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403095.bat
        110⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        110⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403111.bat
        111⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        111⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403126.bat
        112⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        112⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403142.bat
        113⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        114⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        114⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        114⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        114⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        114⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        113⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403158.bat
        114⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        115⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        115⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        115⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        115⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        115⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        114⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403173.bat
        115⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        116⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        116⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        116⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        116⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        116⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        115⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403189.bat
        116⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        116⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259403407.bat
        117⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        117⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\b3b4f3ed7898259405014.bat
        118⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        119⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        119⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        119⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        119⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        118⤵
        
        PID:4988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14647861721067304204-1601155273932597441818569089281993652869932062-1542159208"
1⤵
PID:2772

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14456676588904179951933037501-1803104224-551775664164508430098003895872242788"
1⤵
PID:1156

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "896215860-706040980-537478913-198247735-1229228174-172017955214661479251337972762"
1⤵
PID:2400

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1232670069333320025-7374765978997127711525489625-20909785931737704239-1343008100"
1⤵
PID:2916

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1438432179-21189079011263494734-169208865-1553307010196334267-2010246205-2021447271"
1⤵
PID:644

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "80429997020771384391491255089199068859-458255769-274424014-1174967261780255999"
1⤵
PID:1516

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "416286824-599621203-18601469471286215518-1224563340-1255336222811970866-1851713986"
1⤵
PID:2464

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1775067249-21223360941228765-1009891282-293080966-96642788055008106-315589735"
1⤵
PID:1244

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "381134124-1196992443-1359499213-1334622983-14991463251703746449-1570483691336970420"
1⤵
PID:2992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-655805433-125920544814487369858269105308125342-248972931038933448-1901292601"
1⤵
PID:1868

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1906899985-19105075871691389117-256116582-11120470601607260102727473170-434038133"
1⤵
PID:2372

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1634754822-15490500601155000710-84021618814243413161443507021-1172556240932663068"
1⤵
PID:1772

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14671646682039766508-2106911567-1602779454-1614520198-1933083238987342089167798518"
1⤵
PID:2720

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1709833941692642041-2128365568-134714094189723763-2766697802683941552116293137"
1⤵
PID:1748

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1825822623476097151100500373639409706538450799-489815342881865785-596356400"
1⤵
PID:2832

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-755331417-112572590712455672371392738011-1215540982175855317110111236041950255121"
1⤵
PID:2276

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "129056964-330904620-1545145539-260856318-761117252722755561-1997013489648315007"
1⤵
PID:3328

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2375949351111261931177891858-325188008288551545858577735471746161475141706"
1⤵
PID:3632

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19844638942027810354-639942064-2116374749-1676764932-4496253452034738378-838714603"
1⤵
PID:3564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1549380215-18194099-661606617-12608030691857823003-1132292750-2199151531319357830"
1⤵
PID:3752

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "197893439-50987033-399330248-1816645273-935529485-17117249751391165895-252947261"
1⤵
PID:1304

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1666107016-4934798011535907242124905431819561943141019455678-577608257865750354"
1⤵
PID:2104

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-885299617-359870203-1336733217-377645587-1471392826-1752524144-37434353495068174"
1⤵
PID:3616

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-494473962-2248032701042969098-1194375125579371021-15054412771583323639-2081006368"
1⤵
PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\txRJHRJH1021.exe

Filesize
3KB

MD5
24868955b522456ac6c303097b17f8b8

SHA1
4bc4575765aa65ff70c011aaa9693dc871ab717b

SHA256
9a8054a1fd36c9ce69b388a6c6efbaa48453e9fa32c173e5ba0a463b25f76d32

SHA512
8bb873967dbc03e5986ecefe964e2647e6bafc813eb3c206ed339279507cd78f48f0395473cc3adc1cb05bd7ce49c58862813e13f2c2f32f92e4aebb0f95b84b

Download Submit
C:\b3b4f3ed7898259399866.bat

Filesize
332B

MD5
c9dd5c4990d3ee9daafffc4fd8b512e1

SHA1
346a415b22934956d96c9cc9a2df0617b2101cfc

SHA256
f21c8c35a96ef48ad8259d91b1c43525c0131aae7504da3040290fd25949dd01

SHA512
2a5206c58b3e4319e6dd5152c2c5a1eff01120529b49f32a282afdf401bd573275d6216273f23c6bb993a8dfec5df8727420ec5470bee57494beb6a6880f8a25

Download Submit
C:\b3b4f3ed7898259399928.bat

Filesize
188B

MD5
680ca44d8f67b7fc37e19fb00a9c7c64

SHA1
8e893f1f386df7f5e85bf60717943b67afd9e1bd

SHA256
d522ec95766297a1d7d8cc1aa86267ec544d827b99fff40b611219efa075a5af

SHA512
fcd83297ef86e8abbebee91336f2cb003654f8769b72451517b058c195ec6ae6e44b02393c4032fae13f954cec63d3f4484997cca1a2e6043f489169955f8ba0

Download Submit