9a8054a1fd36c9ce69b388a6c6efbaa48453e9fa32c173e5ba0a463b25f76d32

Analysis

max time kernel
93s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe
Size

3KB
MD5

24868955b522456ac6c303097b17f8b8
SHA1

4bc4575765aa65ff70c011aaa9693dc871ab717b
SHA256

9a8054a1fd36c9ce69b388a6c6efbaa48453e9fa32c173e5ba0a463b25f76d32
SHA512

8bb873967dbc03e5986ecefe964e2647e6bafc813eb3c206ed339279507cd78f48f0395473cc3adc1cb05bd7ce49c58862813e13f2c2f32f92e4aebb0f95b84b

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3672	txRJHRJH1021.exe
1580	txRJHRJH1021.exe
3032	txRJHRJH1021.exe
1100	txRJHRJH1021.exe
528	txRJHRJH1021.exe
3692	txRJHRJH1021.exe
2416	txRJHRJH1021.exe
4868	txRJHRJH1021.exe
1468	txRJHRJH1021.exe
3676	txRJHRJH1021.exe
4992	txRJHRJH1021.exe
4608	txRJHRJH1021.exe
1388	txRJHRJH1021.exe
2348	txRJHRJH1021.exe
3896	txRJHRJH1021.exe
4732	txRJHRJH1021.exe
1724	txRJHRJH1021.exe
5004	txRJHRJH1021.exe
4980	txRJHRJH1021.exe
3276	txRJHRJH1021.exe
4736	txRJHRJH1021.exe
3656	txRJHRJH1021.exe
4604	txRJHRJH1021.exe
1288	txRJHRJH1021.exe
4444	txRJHRJH1021.exe
4396	txRJHRJH1021.exe
3940	txRJHRJH1021.exe
4820	txRJHRJH1021.exe
1420	txRJHRJH1021.exe
1844	txRJHRJH1021.exe
5068	txRJHRJH1021.exe
1440	txRJHRJH1021.exe
2952	txRJHRJH1021.exe
3352	txRJHRJH1021.exe
3684	txRJHRJH1021.exe
4320	txRJHRJH1021.exe
4312	txRJHRJH1021.exe
1392	txRJHRJH1021.exe
2244	txRJHRJH1021.exe
2424	txRJHRJH1021.exe
2616	txRJHRJH1021.exe
808	txRJHRJH1021.exe
2424	txRJHRJH1021.exe
3944	txRJHRJH1021.exe
5056	txRJHRJH1021.exe
5164	txRJHRJH1021.exe
5276	txRJHRJH1021.exe
5376	txRJHRJH1021.exe
5432	txRJHRJH1021.exe
5568	txRJHRJH1021.exe
5700	txRJHRJH1021.exe
5788	txRJHRJH1021.exe
5932	txRJHRJH1021.exe
5992	txRJHRJH1021.exe
6060	txRJHRJH1021.exe
4972	txRJHRJH1021.exe
5220	txRJHRJH1021.exe
5360	txRJHRJH1021.exe
5328	txRJHRJH1021.exe
4560	txRJHRJH1021.exe
5872	txRJHRJH1021.exe
5780	txRJHRJH1021.exe
4396	txRJHRJH1021.exe
5180	txRJHRJH1021.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	txRJHRJH1021.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File created	C:\Windows\SysWOW64\txRJHRJH1021.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\txRJHRJH1021.exe	attrib.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
11696	13640	Process not Found	1745

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 2204	3536	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	82
PID 3536 wrote to memory of 2204	3536	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	82
PID 3536 wrote to memory of 2204	3536	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	82
PID 3536 wrote to memory of 3672	3536	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	83
PID 3536 wrote to memory of 3672	3536	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	83
PID 3536 wrote to memory of 3672	3536	24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe	83
PID 3672 wrote to memory of 3948	3672	txRJHRJH1021.exe	85
PID 3672 wrote to memory of 3948	3672	txRJHRJH1021.exe	85
PID 3672 wrote to memory of 3948	3672	txRJHRJH1021.exe	85
PID 3672 wrote to memory of 1580	3672	txRJHRJH1021.exe	86
PID 3672 wrote to memory of 1580	3672	txRJHRJH1021.exe	86
PID 3672 wrote to memory of 1580	3672	txRJHRJH1021.exe	86
PID 1580 wrote to memory of 4724	1580	txRJHRJH1021.exe	88
PID 1580 wrote to memory of 4724	1580	txRJHRJH1021.exe	88
PID 1580 wrote to memory of 4724	1580	txRJHRJH1021.exe	88
PID 1580 wrote to memory of 3032	1580	txRJHRJH1021.exe	89
PID 1580 wrote to memory of 3032	1580	txRJHRJH1021.exe	89
PID 1580 wrote to memory of 3032	1580	txRJHRJH1021.exe	89
PID 3032 wrote to memory of 3916	3032	txRJHRJH1021.exe	91
PID 3032 wrote to memory of 3916	3032	txRJHRJH1021.exe	91
PID 3032 wrote to memory of 3916	3032	txRJHRJH1021.exe	91
PID 3032 wrote to memory of 1100	3032	txRJHRJH1021.exe	92
PID 3032 wrote to memory of 1100	3032	txRJHRJH1021.exe	92
PID 3032 wrote to memory of 1100	3032	txRJHRJH1021.exe	92
PID 1100 wrote to memory of 4288	1100	txRJHRJH1021.exe	94
PID 1100 wrote to memory of 4288	1100	txRJHRJH1021.exe	94
PID 1100 wrote to memory of 4288	1100	txRJHRJH1021.exe	94
PID 1100 wrote to memory of 528	1100	txRJHRJH1021.exe	95
PID 1100 wrote to memory of 528	1100	txRJHRJH1021.exe	95
PID 1100 wrote to memory of 528	1100	txRJHRJH1021.exe	95
PID 528 wrote to memory of 3848	528	txRJHRJH1021.exe	96
PID 528 wrote to memory of 3848	528	txRJHRJH1021.exe	96
PID 528 wrote to memory of 3848	528	txRJHRJH1021.exe	96
PID 528 wrote to memory of 3692	528	txRJHRJH1021.exe	97
PID 528 wrote to memory of 3692	528	txRJHRJH1021.exe	97
PID 528 wrote to memory of 3692	528	txRJHRJH1021.exe	97
PID 3692 wrote to memory of 3804	3692	txRJHRJH1021.exe	100
PID 3692 wrote to memory of 3804	3692	txRJHRJH1021.exe	100
PID 3692 wrote to memory of 3804	3692	txRJHRJH1021.exe	100
PID 3692 wrote to memory of 2416	3692	txRJHRJH1021.exe	101
PID 3692 wrote to memory of 2416	3692	txRJHRJH1021.exe	101
PID 3692 wrote to memory of 2416	3692	txRJHRJH1021.exe	101
PID 2204 wrote to memory of 1384	2204	cmd.exe	102
PID 2204 wrote to memory of 1384	2204	cmd.exe	102
PID 2204 wrote to memory of 1384	2204	cmd.exe	102
PID 2416 wrote to memory of 1576	2416	txRJHRJH1021.exe	104
PID 2416 wrote to memory of 1576	2416	txRJHRJH1021.exe	104
PID 2416 wrote to memory of 1576	2416	txRJHRJH1021.exe	104
PID 2416 wrote to memory of 4868	2416	txRJHRJH1021.exe	105
PID 2416 wrote to memory of 4868	2416	txRJHRJH1021.exe	105
PID 2416 wrote to memory of 4868	2416	txRJHRJH1021.exe	105
PID 4724 wrote to memory of 4512	4724	cmd.exe	241
PID 4724 wrote to memory of 4512	4724	cmd.exe	241
PID 4724 wrote to memory of 4512	4724	cmd.exe	241
PID 4868 wrote to memory of 2188	4868	txRJHRJH1021.exe	108
PID 4868 wrote to memory of 2188	4868	txRJHRJH1021.exe	108
PID 4868 wrote to memory of 2188	4868	txRJHRJH1021.exe	108
PID 4868 wrote to memory of 1468	4868	txRJHRJH1021.exe	109
PID 4868 wrote to memory of 1468	4868	txRJHRJH1021.exe	109
PID 4868 wrote to memory of 1468	4868	txRJHRJH1021.exe	109
PID 1468 wrote to memory of 4740	1468	txRJHRJH1021.exe	110
PID 1468 wrote to memory of 4740	1468	txRJHRJH1021.exe	110
PID 1468 wrote to memory of 4740	1468	txRJHRJH1021.exe	110
PID 1468 wrote to memory of 3676	1468	txRJHRJH1021.exe	111

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
12132	attrib.exe
9616	attrib.exe
12592	Process not Found
14032	Process not Found
9104	attrib.exe
9028	attrib.exe
12568	Process not Found
10060	attrib.exe
10580	attrib.exe
12788	Process not Found
11776	Process not Found
14176	Process not Found
1224	Process not Found
7148	attrib.exe
8780	attrib.exe
12860	Process not Found
7832	attrib.exe
8916	attrib.exe
7884	attrib.exe
9752	attrib.exe
12280	attrib.exe
7120	attrib.exe
6776	attrib.exe
7540	attrib.exe
9896	attrib.exe
12892	Process not Found
13756	Process not Found
2820	Process not Found
3616	attrib.exe
5832	attrib.exe
13680	Process not Found
3896	attrib.exe
9960	attrib.exe
8808	attrib.exe
1432	Process not Found
8092	attrib.exe
7712	attrib.exe
8384	attrib.exe
12304	Process not Found
4348	attrib.exe
3424	attrib.exe
13356	Process not Found
9088	attrib.exe
12520	Process not Found
12392	Process not Found
12708	Process not Found
10360	attrib.exe
8620	attrib.exe
10976	attrib.exe
10480	attrib.exe
9380	attrib.exe
13680	Process not Found
11552	attrib.exe
7180	attrib.exe
9496	attrib.exe
13728	Process not Found
5428	attrib.exe
9244	attrib.exe
12708	Process not Found
6620	Process not Found
13940	Process not Found
10484	attrib.exe
11216	attrib.exe
12544	Process not Found

C:\Users\Admin\AppData\Local\Temp\24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601500.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\24868955b522456ac6c303097b17f8b8_JaffaCakes118.exe" -r -a -s -h
    3⤵
    PID:1384
- C:\Windows\SysWOW64\txRJHRJH1021.exe
  C:\Windows\system32\txRJHRJH1021.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3672
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601546.bat
    3⤵
    PID:3948
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:3684
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:5176
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:6384
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:7976
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:8772
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
      4⤵
      PID:9984
- - C:\Windows\SysWOW64\txRJHRJH1021.exe
    C:\Windows\system32\txRJHRJH1021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601562.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4724
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:4512
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:2580
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:3812
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:7984
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:8772
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        5⤵
        
        PID:10512
  - - C:\Windows\SysWOW64\txRJHRJH1021.exe
      C:\Windows\system32\txRJHRJH1021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601593.bat
        5⤵
        
        PID:3916
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:3616
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:5328
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:6628
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:8144
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:9104
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        6⤵
        
        PID:9432
    - - C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1100
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601609.bat
        6⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        7⤵
        
        PID:11436
      - C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601625.bat
        7⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        8⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601656.bat
        8⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        9⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601687.bat
        9⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        10⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601750.bat
        10⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        11⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601781.bat
        11⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        Views/modifies file attributes
        
        PID:3896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        12⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        11⤵
        Executes dropped EXE
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601812.bat
        12⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        Drops file in System32 directory
        
        PID:9056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        13⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601875.bat
        13⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        14⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        13⤵
        Executes dropped EXE
        
        PID:4608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601921.bat
        14⤵
        
        PID:60
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        Drops file in System32 directory
        
        PID:5428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        15⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        14⤵
        Executes dropped EXE
        
        PID:1388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601953.bat
        15⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        16⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        15⤵
        Executes dropped EXE
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240601984.bat
        16⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        17⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        16⤵
        Executes dropped EXE
        
        PID:3896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602015.bat
        17⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        Views/modifies file attributes
        
        PID:4348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        18⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        17⤵
        Executes dropped EXE
        
        PID:4732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602062.bat
        18⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        Views/modifies file attributes
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        Drops file in System32 directory
        
        PID:5432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        19⤵
        Views/modifies file attributes
        
        PID:8620
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        18⤵
        Executes dropped EXE
        
        PID:1724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602093.bat
        19⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        20⤵
        Views/modifies file attributes
        
        PID:11216
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        19⤵
        Executes dropped EXE
        
        PID:5004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602140.bat
        20⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        21⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        20⤵
        Executes dropped EXE
        
        PID:4980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602171.bat
        21⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        Drops file in System32 directory
        
        PID:7172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        22⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        21⤵
        Executes dropped EXE
        
        PID:3276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602203.bat
        22⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        Views/modifies file attributes
        
        PID:9028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        23⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        22⤵
        Executes dropped EXE
        
        PID:4736
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602265.bat
        23⤵
        
        PID:388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        24⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        23⤵
        Executes dropped EXE
        
        PID:3656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602296.bat
        24⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        25⤵
        Views/modifies file attributes
        
        PID:8384
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        24⤵
        Executes dropped EXE
        
        PID:4604
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602312.bat
        25⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        26⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        25⤵
        Executes dropped EXE
        
        PID:1288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602328.bat
        26⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        Drops file in System32 directory
        
        PID:7016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        Views/modifies file attributes
        
        PID:5428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        27⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        26⤵
        Executes dropped EXE
        
        PID:4444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602359.bat
        27⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        28⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        27⤵
        Executes dropped EXE
        
        PID:4396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602375.bat
        28⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        29⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        28⤵
        Executes dropped EXE
        
        PID:3940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602437.bat
        29⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        30⤵
        Views/modifies file attributes
        
        PID:10360
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        29⤵
        Executes dropped EXE
        
        PID:4820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602484.bat
        30⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        31⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602546.bat
        31⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        Drops file in System32 directory
        
        PID:8324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        32⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602593.bat
        32⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        33⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        32⤵
        Executes dropped EXE
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602640.bat
        33⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        34⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1440
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602703.bat
        34⤵
        
        PID:408
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        35⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        35⤵
        Drops file in System32 directory
        
        PID:11260
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        34⤵
        Executes dropped EXE
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602765.bat
        35⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        Drops file in System32 directory
        
        PID:5516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        Views/modifies file attributes
        
        PID:7540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        Drops file in System32 directory
        
        PID:9444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        36⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        35⤵
        Executes dropped EXE
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602781.bat
        36⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:7832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        37⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        36⤵
        Executes dropped EXE
        
        PID:3684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602828.bat
        37⤵
        
        PID:1816
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        38⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        38⤵
        Drops file in System32 directory
        
        PID:9380
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        37⤵
        Executes dropped EXE
        
        PID:4320
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602859.bat
        38⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        Drops file in System32 directory
        
        PID:8952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        39⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        38⤵
        Executes dropped EXE
        
        PID:4312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602906.bat
        39⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        Views/modifies file attributes
        
        PID:6776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        40⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        39⤵
        Executes dropped EXE
        
        PID:1392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602921.bat
        40⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        Views/modifies file attributes
        
        PID:5832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        Views/modifies file attributes
        
        PID:7148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        Views/modifies file attributes
        
        PID:9752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        41⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        40⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240602968.bat
        41⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        42⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        41⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603031.bat
        42⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        43⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        42⤵
        Executes dropped EXE
        
        PID:2616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603093.bat
        43⤵
        
        PID:4512
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        44⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        Views/modifies file attributes
        
        PID:7120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        Views/modifies file attributes
        
        PID:10060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        44⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603140.bat
        44⤵
        
        PID:2952
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        45⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        45⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        44⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603203.bat
        45⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        46⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        45⤵
        Executes dropped EXE
        
        PID:3944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603234.bat
        46⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        47⤵
        Drops file in System32 directory
        
        PID:10428
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        46⤵
        Executes dropped EXE
        
        PID:5056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603250.bat
        47⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        48⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        47⤵
        Executes dropped EXE
        
        PID:5164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603281.bat
        48⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        Drops file in System32 directory
        
        PID:5736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        Views/modifies file attributes
        
        PID:9380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        49⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        48⤵
        Executes dropped EXE
        
        PID:5276
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603343.bat
        49⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        Drops file in System32 directory
        
        PID:8468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        50⤵
        Views/modifies file attributes
        
        PID:10580
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        49⤵
        Executes dropped EXE
        
        PID:5376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603359.bat
        50⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        Drops file in System32 directory
        
        PID:5972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        51⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        50⤵
        Executes dropped EXE
        
        PID:5432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603421.bat
        51⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        52⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        51⤵
        Executes dropped EXE
        
        PID:5568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603484.bat
        52⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        53⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        52⤵
        Executes dropped EXE
        
        PID:5700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603500.bat
        53⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        54⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        53⤵
        Executes dropped EXE
        
        PID:5788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603562.bat
        54⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        55⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        54⤵
        Executes dropped EXE
        
        PID:5932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603578.bat
        55⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        Views/modifies file attributes
        
        PID:8092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        56⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        55⤵
        Executes dropped EXE
        
        PID:5992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603609.bat
        56⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        Views/modifies file attributes
        
        PID:9896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        57⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        56⤵
        Executes dropped EXE
        
        PID:6060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603640.bat
        57⤵
        
        PID:588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        58⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        57⤵
        Executes dropped EXE
        
        PID:4972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603703.bat
        58⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        59⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603718.bat
        59⤵
        
        PID:5380
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        60⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        60⤵
        Views/modifies file attributes
        
        PID:10976
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        59⤵
        Executes dropped EXE
        
        PID:5360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603781.bat
        60⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        61⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        60⤵
        Executes dropped EXE
        
        PID:5328
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603796.bat
        61⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        62⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        61⤵
        Executes dropped EXE
        
        PID:4560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603859.bat
        62⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        63⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        62⤵
        Executes dropped EXE
        
        PID:5872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603906.bat
        63⤵
        
        PID:6032
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        64⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        64⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        63⤵
        Executes dropped EXE
        
        PID:5780
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603953.bat
        64⤵
        
        PID:6096
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        65⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        65⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        64⤵
        Executes dropped EXE
        
        PID:4396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240603984.bat
        65⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        Views/modifies file attributes
        
        PID:9088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        66⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        65⤵
        Executes dropped EXE
        
        PID:5180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604031.bat
        66⤵
        
        PID:5220
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        67⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        Drops file in System32 directory
        
        PID:6188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        67⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        66⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604046.bat
        67⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        Views/modifies file attributes
        
        PID:7712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        68⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        67⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604156.bat
        68⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        Drops file in System32 directory
        
        PID:8672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        69⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        68⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604234.bat
        69⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        70⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        69⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604250.bat
        70⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        71⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        70⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604296.bat
        71⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        Views/modifies file attributes
        
        PID:8780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        72⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        71⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604312.bat
        72⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        Drops file in System32 directory
        
        PID:9052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        73⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        72⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604343.bat
        73⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        74⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        73⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604390.bat
        74⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        75⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        74⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604437.bat
        75⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        76⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        75⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604468.bat
        76⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        77⤵
        Drops file in System32 directory
        
        PID:11608
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        76⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604578.bat
        77⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        Drops file in System32 directory
        
        PID:9520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        78⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        77⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604640.bat
        78⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        79⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        78⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604656.bat
        79⤵
        
        PID:6148
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        80⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        80⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        79⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604703.bat
        80⤵
        
        PID:1140
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        81⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        81⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        80⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604765.bat
        81⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        82⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        81⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604828.bat
        82⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        83⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        82⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604859.bat
        83⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        84⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        83⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604875.bat
        84⤵
        
        PID:5264
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        85⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        Views/modifies file attributes
        
        PID:9496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        85⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        84⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604890.bat
        85⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        86⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        85⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604921.bat
        86⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        87⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        86⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604937.bat
        87⤵
        
        PID:5140
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        88⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        88⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        87⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604968.bat
        88⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        89⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        88⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240604984.bat
        89⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        90⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        89⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605046.bat
        90⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        91⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        90⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605125.bat
        91⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        Drops file in System32 directory
        
        PID:6212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        92⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        91⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605203.bat
        92⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:9244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        93⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        92⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605250.bat
        93⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        94⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        93⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605296.bat
        94⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        95⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        94⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605343.bat
        95⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        Drops file in System32 directory
        
        PID:6312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        96⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        95⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605421.bat
        96⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        97⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        96⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605453.bat
        97⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        98⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        97⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605484.bat
        98⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        99⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        98⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605562.bat
        99⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        100⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        99⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605609.bat
        100⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        101⤵
        Views/modifies file attributes
        
        PID:9616
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        100⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605656.bat
        101⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        102⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        101⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605687.bat
        102⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        Views/modifies file attributes
        
        PID:8808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        103⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        102⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605734.bat
        103⤵
        
        PID:6196
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        104⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        104⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        103⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605812.bat
        104⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        105⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        104⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605906.bat
        105⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        106⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        106⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        105⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605937.bat
        106⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        107⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        107⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        106⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240605968.bat
        107⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        108⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        108⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        107⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606015.bat
        108⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        109⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        108⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606156.bat
        109⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        110⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        110⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        109⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606218.bat
        110⤵
        
        PID:6944
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        111⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        111⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        110⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606296.bat
        111⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        Drops file in System32 directory
        
        PID:11256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        112⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        111⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606328.bat
        112⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        Views/modifies file attributes
        
        PID:7884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        113⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        112⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606421.bat
        113⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        114⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        114⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        113⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606859.bat
        114⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        115⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        115⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        114⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606890.bat
        115⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        116⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        116⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        115⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606921.bat
        116⤵
        
        PID:7288
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        117⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        117⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        116⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606968.bat
        117⤵
        
        PID:7984
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        118⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        118⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        117⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240606984.bat
        118⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        119⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        119⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        118⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607000.bat
        119⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        120⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        120⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        119⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607078.bat
        120⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        121⤵
        Drops file in System32 directory
        
        PID:9192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        121⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        120⤵
        Drops file in System32 directory
        
        PID:8344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607109.bat
        121⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        122⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        122⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        121⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607203.bat
        122⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        123⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        123⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        122⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607250.bat
        123⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        124⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        124⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        123⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607312.bat
        124⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        125⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        125⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        125⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        124⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607421.bat
        125⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        126⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        126⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        125⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607500.bat
        126⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        127⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        127⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        126⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607578.bat
        127⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        128⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        128⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        127⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607609.bat
        128⤵
        
        PID:8476
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        129⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        129⤵
        Drops file in System32 directory
        
        PID:8600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        129⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        128⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607671.bat
        129⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        130⤵
        Drops file in System32 directory
        
        PID:7072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        130⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        129⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607765.bat
        130⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        131⤵
        Drops file in System32 directory
        
        PID:8384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        131⤵
        Views/modifies file attributes
        
        PID:8916
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        130⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607796.bat
        131⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        132⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        132⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        131⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607906.bat
        132⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        133⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        133⤵
        Views/modifies file attributes
        
        PID:7180
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        132⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240607984.bat
        133⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        134⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        134⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        133⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608078.bat
        134⤵
        
        PID:8500
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        135⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        135⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        134⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608109.bat
        135⤵
        
        PID:9092
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        136⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        136⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        135⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608140.bat
        136⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        137⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        136⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608203.bat
        137⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        138⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        138⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        137⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608234.bat
        138⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        139⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        138⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608343.bat
        139⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        140⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        140⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        139⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608390.bat
        140⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        141⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        140⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608437.bat
        141⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        142⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        141⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608484.bat
        142⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        143⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        142⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608546.bat
        143⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        144⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        143⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608578.bat
        144⤵
        
        PID:10104
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        145⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        145⤵
        Views/modifies file attributes
        
        PID:10480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        145⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        144⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608687.bat
        145⤵
        
        PID:7588
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        146⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        146⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        145⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608750.bat
        146⤵
        
        PID:9420
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        147⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        147⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        146⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608828.bat
        147⤵
        
        PID:9436
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        148⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        148⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        147⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608875.bat
        148⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        149⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        148⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240608968.bat
        149⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        150⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        150⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        150⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        149⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609000.bat
        150⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        151⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        150⤵
        Drops file in System32 directory
        
        PID:8616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609015.bat
        151⤵
        
        PID:8568
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        152⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        152⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        151⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609156.bat
        152⤵
        
        PID:8484
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        153⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        153⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        152⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609187.bat
        153⤵
        
        PID:7488
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        154⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        154⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        153⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609218.bat
        154⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        155⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        154⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609281.bat
        155⤵
        
        PID:9800
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        156⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        156⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        155⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609375.bat
        156⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        157⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        156⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609406.bat
        157⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        158⤵
        Drops file in System32 directory
        
        PID:10376
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        157⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609468.bat
        158⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        159⤵
        Views/modifies file attributes
        
        PID:10484
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        158⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609531.bat
        159⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        160⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        159⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609609.bat
        160⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        161⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        160⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609671.bat
        161⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        162⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        161⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609703.bat
        162⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        163⤵
        Views/modifies file attributes
        
        PID:9960
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        162⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609765.bat
        163⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        164⤵
        Views/modifies file attributes
        
        PID:11552
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        163⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609828.bat
        164⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        165⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        164⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609890.bat
        165⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        166⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        166⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        165⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609906.bat
        166⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        167⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        167⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        167⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        166⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240609937.bat
        167⤵
        
        PID:11200
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        168⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        168⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        167⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610015.bat
        168⤵
        
        PID:9956
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        169⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        169⤵
        Views/modifies file attributes
        
        PID:12280
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        168⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610031.bat
        169⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        170⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        169⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610093.bat
        170⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        171⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        170⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610140.bat
        171⤵
        
        PID:7540
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        172⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        172⤵
        Views/modifies file attributes
        
        PID:12132
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        171⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610218.bat
        172⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        173⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        172⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610390.bat
        173⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        174⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        173⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610437.bat
        174⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        174⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610484.bat
        175⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        175⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610515.bat
        176⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        176⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610546.bat
        177⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        177⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610625.bat
        178⤵
        
        PID:11184
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        179⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        178⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610687.bat
        179⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        179⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610750.bat
        180⤵
        
        PID:11036
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        181⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        180⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610781.bat
        181⤵
        
        PID:11192
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        182⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        181⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610828.bat
        182⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        182⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610937.bat
        183⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        183⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240610968.bat
        184⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        184⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611031.bat
        185⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        185⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611046.bat
        186⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        186⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611093.bat
        187⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        188⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        187⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611125.bat
        188⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\txRJHRJH1021.exe" -r -a -s -h
        189⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        188⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611187.bat
        189⤵
        
        PID:12236
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        190⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        189⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611234.bat
        190⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        190⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611312.bat
        191⤵
        
        PID:10008
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        192⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        191⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611359.bat
        192⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        192⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611406.bat
        193⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        193⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611437.bat
        194⤵
        
        PID:11228
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        195⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        194⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611484.bat
        195⤵
        
        PID:10612
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        196⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        195⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611531.bat
        196⤵
        
        PID:11812
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        197⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        196⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611593.bat
        197⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        197⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611625.bat
        198⤵
        
        PID:10428
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        199⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        198⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\b3b4f3ed7898240611671.bat
        199⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\txRJHRJH1021.exe
        
        C:\Windows\system32\txRJHRJH1021.exe
        199⤵
        
        PID:11364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\txRJHRJH1021.exe

Filesize
3KB

MD5
24868955b522456ac6c303097b17f8b8

SHA1
4bc4575765aa65ff70c011aaa9693dc871ab717b

SHA256
9a8054a1fd36c9ce69b388a6c6efbaa48453e9fa32c173e5ba0a463b25f76d32

SHA512
8bb873967dbc03e5986ecefe964e2647e6bafc813eb3c206ed339279507cd78f48f0395473cc3adc1cb05bd7ce49c58862813e13f2c2f32f92e4aebb0f95b84b

Download Submit
C:\b3b4f3ed7898240601500.bat

Filesize
332B

MD5
c9dd5c4990d3ee9daafffc4fd8b512e1

SHA1
346a415b22934956d96c9cc9a2df0617b2101cfc

SHA256
f21c8c35a96ef48ad8259d91b1c43525c0131aae7504da3040290fd25949dd01

SHA512
2a5206c58b3e4319e6dd5152c2c5a1eff01120529b49f32a282afdf401bd573275d6216273f23c6bb993a8dfec5df8727420ec5470bee57494beb6a6880f8a25

Download Submit
C:\b3b4f3ed7898240601593.bat

Filesize
188B

MD5
680ca44d8f67b7fc37e19fb00a9c7c64

SHA1
8e893f1f386df7f5e85bf60717943b67afd9e1bd

SHA256
d522ec95766297a1d7d8cc1aa86267ec544d827b99fff40b611219efa075a5af

SHA512
fcd83297ef86e8abbebee91336f2cb003654f8769b72451517b058c195ec6ae6e44b02393c4032fae13f954cec63d3f4484997cca1a2e6043f489169955f8ba0

Download Submit