2203945283b793cba3d79605d3ffb421b7b74c5d0604885e2797f80e62348eb4

Analysis

max time kernel
76s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe
Size

2KB
MD5

40ba1455487b1ae8b76c6e89bd20aa1d
SHA1

d76004bb31a5a7a00b950f7349861e346c46cd23
SHA256

2203945283b793cba3d79605d3ffb421b7b74c5d0604885e2797f80e62348eb4
SHA512

0e0142cd26e541dd2ecf2b3ea9612c00773153f2075933e754f84b69dcd84859755a6db81fe73bf67dfd810d6002da2eea8fe1de4cdef4db37aea31550412481

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2024	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2512	ffIGBWD1046.exe
2796	ffIGBWD1046.exe
2824	ffIGBWD1046.exe
2260	ffIGBWD1046.exe
2804	ffIGBWD1046.exe
2780	ffIGBWD1046.exe
2676	ffIGBWD1046.exe
2612	ffIGBWD1046.exe
2972	ffIGBWD1046.exe
1684	ffIGBWD1046.exe
752	ffIGBWD1046.exe
2424	ffIGBWD1046.exe
2504	ffIGBWD1046.exe
2192	ffIGBWD1046.exe
1536	ffIGBWD1046.exe
1808	ffIGBWD1046.exe
2864	ffIGBWD1046.exe
2992	ffIGBWD1046.exe
1004	ffIGBWD1046.exe
2984	ffIGBWD1046.exe
1656	ffIGBWD1046.exe
2152	ffIGBWD1046.exe
1244	ffIGBWD1046.exe
2376	ffIGBWD1046.exe
1524	ffIGBWD1046.exe
2208	ffIGBWD1046.exe
1592	ffIGBWD1046.exe
2244	ffIGBWD1046.exe
1044	ffIGBWD1046.exe
1932	ffIGBWD1046.exe
2916	ffIGBWD1046.exe
608	ffIGBWD1046.exe
2824	ffIGBWD1046.exe
496	ffIGBWD1046.exe
1488	ffIGBWD1046.exe
2968	ffIGBWD1046.exe
2116	ffIGBWD1046.exe
2980	ffIGBWD1046.exe
2504	ffIGBWD1046.exe
2132	ffIGBWD1046.exe
2340	ffIGBWD1046.exe
1384	ffIGBWD1046.exe
2520	ffIGBWD1046.exe
1276	ffIGBWD1046.exe
2216	ffIGBWD1046.exe
2624	ffIGBWD1046.exe
2368	ffIGBWD1046.exe
752	ffIGBWD1046.exe
1812	ffIGBWD1046.exe
1592	ffIGBWD1046.exe
2836	ffIGBWD1046.exe
1444	ffIGBWD1046.exe
2596	ffIGBWD1046.exe
856	ffIGBWD1046.exe
2132	ffIGBWD1046.exe
892	ffIGBWD1046.exe
1996	ffIGBWD1046.exe
1600	ffIGBWD1046.exe
3016	ffIGBWD1046.exe
1648	ffIGBWD1046.exe
1812	ffIGBWD1046.exe
1280	ffIGBWD1046.exe
2216	ffIGBWD1046.exe
2736	ffIGBWD1046.exe

Loads dropped DLL 64 IoCs

pid	Process
1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe
1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe
2512	ffIGBWD1046.exe
2512	ffIGBWD1046.exe
2796	ffIGBWD1046.exe
2796	ffIGBWD1046.exe
2824	ffIGBWD1046.exe
2824	ffIGBWD1046.exe
2260	ffIGBWD1046.exe
2260	ffIGBWD1046.exe
2804	ffIGBWD1046.exe
2804	ffIGBWD1046.exe
2780	ffIGBWD1046.exe
2780	ffIGBWD1046.exe
2676	ffIGBWD1046.exe
2676	ffIGBWD1046.exe
2612	ffIGBWD1046.exe
2612	ffIGBWD1046.exe
2972	ffIGBWD1046.exe
2972	ffIGBWD1046.exe
1684	ffIGBWD1046.exe
1684	ffIGBWD1046.exe
752	ffIGBWD1046.exe
752	ffIGBWD1046.exe
2424	ffIGBWD1046.exe
2424	ffIGBWD1046.exe
2504	ffIGBWD1046.exe
2504	ffIGBWD1046.exe
2192	ffIGBWD1046.exe
2192	ffIGBWD1046.exe
1536	ffIGBWD1046.exe
1536	ffIGBWD1046.exe
1808	ffIGBWD1046.exe
1808	ffIGBWD1046.exe
2864	ffIGBWD1046.exe
2864	ffIGBWD1046.exe
2992	ffIGBWD1046.exe
2992	ffIGBWD1046.exe
1004	ffIGBWD1046.exe
1004	ffIGBWD1046.exe
2984	ffIGBWD1046.exe
2984	ffIGBWD1046.exe
1656	ffIGBWD1046.exe
1656	ffIGBWD1046.exe
2152	ffIGBWD1046.exe
2152	ffIGBWD1046.exe
1244	ffIGBWD1046.exe
1244	ffIGBWD1046.exe
2376	ffIGBWD1046.exe
2376	ffIGBWD1046.exe
1524	ffIGBWD1046.exe
1524	ffIGBWD1046.exe
2208	ffIGBWD1046.exe
2208	ffIGBWD1046.exe
1592	ffIGBWD1046.exe
1592	ffIGBWD1046.exe
2244	ffIGBWD1046.exe
2244	ffIGBWD1046.exe
1044	ffIGBWD1046.exe
1044	ffIGBWD1046.exe
1932	ffIGBWD1046.exe
1932	ffIGBWD1046.exe
2916	ffIGBWD1046.exe
2916	ffIGBWD1046.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File created	C:\Windows\SysWOW64\ffIGBWD1046.exe	ffIGBWD1046.exe
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File created	C:\Windows\SysWOW64\ffIGBWD1046.exe	ffIGBWD1046.exe
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\ffIGBWD1046.exe	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2024	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	30
PID 1288 wrote to memory of 2024	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	30
PID 1288 wrote to memory of 2024	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	30
PID 1288 wrote to memory of 2024	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	30
PID 1288 wrote to memory of 2512	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	32
PID 1288 wrote to memory of 2512	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	32
PID 1288 wrote to memory of 2512	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	32
PID 1288 wrote to memory of 2512	1288	40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe	32
PID 2512 wrote to memory of 1284	2512	ffIGBWD1046.exe	33
PID 2512 wrote to memory of 1284	2512	ffIGBWD1046.exe	33
PID 2512 wrote to memory of 1284	2512	ffIGBWD1046.exe	33
PID 2512 wrote to memory of 1284	2512	ffIGBWD1046.exe	33
PID 2512 wrote to memory of 2796	2512	ffIGBWD1046.exe	34
PID 2512 wrote to memory of 2796	2512	ffIGBWD1046.exe	34
PID 2512 wrote to memory of 2796	2512	ffIGBWD1046.exe	34
PID 2512 wrote to memory of 2796	2512	ffIGBWD1046.exe	34
PID 2796 wrote to memory of 2760	2796	ffIGBWD1046.exe	36
PID 2796 wrote to memory of 2760	2796	ffIGBWD1046.exe	36
PID 2796 wrote to memory of 2760	2796	ffIGBWD1046.exe	36
PID 2796 wrote to memory of 2760	2796	ffIGBWD1046.exe	36
PID 2796 wrote to memory of 2824	2796	ffIGBWD1046.exe	37
PID 2796 wrote to memory of 2824	2796	ffIGBWD1046.exe	37
PID 2796 wrote to memory of 2824	2796	ffIGBWD1046.exe	37
PID 2796 wrote to memory of 2824	2796	ffIGBWD1046.exe	37
PID 2824 wrote to memory of 2876	2824	ffIGBWD1046.exe	38
PID 2824 wrote to memory of 2876	2824	ffIGBWD1046.exe	38
PID 2824 wrote to memory of 2876	2824	ffIGBWD1046.exe	38
PID 2824 wrote to memory of 2876	2824	ffIGBWD1046.exe	38
PID 2824 wrote to memory of 2260	2824	ffIGBWD1046.exe	39
PID 2824 wrote to memory of 2260	2824	ffIGBWD1046.exe	39
PID 2824 wrote to memory of 2260	2824	ffIGBWD1046.exe	39
PID 2824 wrote to memory of 2260	2824	ffIGBWD1046.exe	39
PID 2260 wrote to memory of 2728	2260	ffIGBWD1046.exe	42
PID 2260 wrote to memory of 2728	2260	ffIGBWD1046.exe	42
PID 2260 wrote to memory of 2728	2260	ffIGBWD1046.exe	42
PID 2260 wrote to memory of 2728	2260	ffIGBWD1046.exe	42
PID 2024 wrote to memory of 2864	2024	cmd.exe	41
PID 2024 wrote to memory of 2864	2024	cmd.exe	41
PID 2024 wrote to memory of 2864	2024	cmd.exe	41
PID 2024 wrote to memory of 2864	2024	cmd.exe	41
PID 2260 wrote to memory of 2804	2260	ffIGBWD1046.exe	43
PID 2260 wrote to memory of 2804	2260	ffIGBWD1046.exe	43
PID 2260 wrote to memory of 2804	2260	ffIGBWD1046.exe	43
PID 2260 wrote to memory of 2804	2260	ffIGBWD1046.exe	43
PID 2804 wrote to memory of 2784	2804	ffIGBWD1046.exe	44
PID 2804 wrote to memory of 2784	2804	ffIGBWD1046.exe	44
PID 2804 wrote to memory of 2784	2804	ffIGBWD1046.exe	44
PID 2804 wrote to memory of 2784	2804	ffIGBWD1046.exe	44
PID 2804 wrote to memory of 2780	2804	ffIGBWD1046.exe	45
PID 2804 wrote to memory of 2780	2804	ffIGBWD1046.exe	45
PID 2804 wrote to memory of 2780	2804	ffIGBWD1046.exe	45
PID 2804 wrote to memory of 2780	2804	ffIGBWD1046.exe	45
PID 2780 wrote to memory of 2640	2780	ffIGBWD1046.exe	46
PID 2780 wrote to memory of 2640	2780	ffIGBWD1046.exe	46
PID 2780 wrote to memory of 2640	2780	ffIGBWD1046.exe	46
PID 2780 wrote to memory of 2640	2780	ffIGBWD1046.exe	46
PID 2780 wrote to memory of 2676	2780	ffIGBWD1046.exe	47
PID 2780 wrote to memory of 2676	2780	ffIGBWD1046.exe	47
PID 2780 wrote to memory of 2676	2780	ffIGBWD1046.exe	47
PID 2780 wrote to memory of 2676	2780	ffIGBWD1046.exe	47
PID 1284 wrote to memory of 1488	1284	cmd.exe	48
PID 1284 wrote to memory of 1488	1284	cmd.exe	48
PID 1284 wrote to memory of 1488	1284	cmd.exe	48
PID 1284 wrote to memory of 1488	1284	cmd.exe	48

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2124	Process not Found
10860	Process not Found
11072	Process not Found
11316	Process not Found
10604	Process not Found
10968	Process not Found
11568	Process not Found
11448	Process not Found
11380	Process not Found
10768	Process not Found
3428	Process not Found
11732	Process not Found
3300	Process not Found
7416	attrib.exe
5216	Process not Found
11668	Process not Found
11824	Process not Found
7904	Process not Found
3632	Process not Found
7360	Process not Found
3064	Process not Found
4536	Process not Found
8232	Process not Found
11708	Process not Found
12180	Process not Found
9368	Process not Found
940	Process not Found
11720	Process not Found
12216	Process not Found
6008	Process not Found
10704	Process not Found
2096	Process not Found
6500	attrib.exe
3464	Process not Found
10448	Process not Found
11256	Process not Found
3644	Process not Found
5016	Process not Found
11000	Process not Found
10256	Process not Found
3596	attrib.exe
7960	Process not Found
9404	Process not Found
10904	Process not Found
10956	Process not Found
11596	Process not Found
11088	Process not Found
10552	Process not Found
11668	Process not Found
10868	Process not Found
10492	Process not Found
9864	Process not Found
6004	Process not Found
11392	Process not Found
10752	Process not Found
10952	Process not Found
9340	Process not Found
11600	Process not Found
10704	Process not Found
11404	Process not Found
5840	attrib.exe
10736	Process not Found
11388	Process not Found
9576	Process not Found

C:\Users\Admin\AppData\Local\Temp\40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\d8008d8e164c259443671.bat
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\40ba1455487b1ae8b76c6e89bd20aa1d_JaffaCakes118.exe" -r -a -s -h
    3⤵
    PID:2864
- C:\Windows\SysWOW64\ffIGBWD1046.exe
  C:\Windows\system32\ffIGBWD1046.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c c:\d8008d8e164c259443687.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1284
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:1488
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:2508
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:408
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:1028
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:1976
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:1740
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:2924
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
      4⤵
      PID:7328
- - C:\Windows\SysWOW64\ffIGBWD1046.exe
    C:\Windows\system32\ffIGBWD1046.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\d8008d8e164c259443749.bat
      4⤵
      PID:2760
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        5⤵
        
        PID:2908
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        5⤵
        
        PID:1500
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        5⤵
        
        PID:2344
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        5⤵
        
        PID:2524
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        5⤵
        
        PID:1988
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        5⤵
        
        PID:1004
  - - C:\Windows\SysWOW64\ffIGBWD1046.exe
      C:\Windows\system32\ffIGBWD1046.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443749.bat
        5⤵
        
        PID:2876
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        6⤵
        
        PID:2148
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        6⤵
        
        PID:1044
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        6⤵
        
        PID:1728
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        6⤵
        
        PID:692
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        6⤵
        
        PID:1144
    - - C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2260
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443765.bat
        6⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        7⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        7⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        7⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        7⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        7⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        7⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        7⤵
        
        PID:7428
      - C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443780.bat
        7⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        8⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        8⤵
        
        PID:812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        8⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        8⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        8⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443796.bat
        8⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        9⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        9⤵
        
        PID:824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        9⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        9⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        9⤵
        
        PID:776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        9⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443811.bat
        9⤵
        
        PID:688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        10⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        10⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        10⤵
        
        PID:316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        10⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        10⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        10⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        10⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443843.bat
        10⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        11⤵
        
        PID:908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        11⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        11⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        11⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        11⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443843.bat
        11⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        12⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        12⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        12⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        12⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443874.bat
        12⤵
        
        PID:616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        13⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        13⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        13⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        13⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443905.bat
        13⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        14⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        14⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259443952.bat
        14⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        15⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        15⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        15⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        15⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444030.bat
        15⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        16⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        16⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444045.bat
        16⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        17⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        17⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        17⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        17⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444123.bat
        17⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        18⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        18⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        18⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444373.bat
        18⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        19⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444420.bat
        19⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        20⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444435.bat
        20⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        21⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444451.bat
        21⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        22⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444467.bat
        22⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        23⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444482.bat
        23⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        24⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444498.bat
        24⤵
        
        PID:408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        25⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444498.bat
        25⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        26⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444513.bat
        26⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        27⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1524
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444529.bat
        27⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        28⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444545.bat
        28⤵
        
        PID:952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        29⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444560.bat
        29⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        30⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444560.bat
        30⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        31⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444576.bat
        31⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        32⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444607.bat
        32⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        33⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444623.bat
        33⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        34⤵
        Views/modifies file attributes
        
        PID:3596
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        33⤵
        Executes dropped EXE
        
        PID:608
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444638.bat
        34⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        35⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        34⤵
        Executes dropped EXE
        
        PID:2824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444669.bat
        35⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        36⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        35⤵
        Executes dropped EXE
        
        PID:496
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444701.bat
        36⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        37⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        36⤵
        Executes dropped EXE
        
        PID:1488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444716.bat
        37⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        38⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        37⤵
        Executes dropped EXE
        
        PID:2968
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444732.bat
        38⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        39⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        38⤵
        Executes dropped EXE
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444747.bat
        39⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        40⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        39⤵
        Executes dropped EXE
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444779.bat
        40⤵
        
        PID:824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        41⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        40⤵
        Executes dropped EXE
        
        PID:2504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444779.bat
        41⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        42⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        41⤵
        Executes dropped EXE
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444794.bat
        42⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        43⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        42⤵
        Executes dropped EXE
        
        PID:2340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444810.bat
        43⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        44⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        43⤵
        Executes dropped EXE
        
        PID:1384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444825.bat
        44⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        45⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        44⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444825.bat
        45⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        46⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        45⤵
        Executes dropped EXE
        
        PID:1276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444841.bat
        46⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        47⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        46⤵
        Executes dropped EXE
        
        PID:2216
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444857.bat
        47⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        48⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        47⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444872.bat
        48⤵
        
        PID:496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        49⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        48⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444888.bat
        49⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        50⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        49⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444919.bat
        50⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        51⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        50⤵
        Executes dropped EXE
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444935.bat
        51⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        52⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        51⤵
        Executes dropped EXE
        
        PID:1592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444950.bat
        52⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        53⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        52⤵
        Executes dropped EXE
        
        PID:2836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444966.bat
        53⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        54⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259444981.bat
        54⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        55⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        54⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445044.bat
        55⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        56⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        55⤵
        Executes dropped EXE
        
        PID:856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445059.bat
        56⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        57⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        56⤵
        Executes dropped EXE
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445075.bat
        57⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        58⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        57⤵
        Executes dropped EXE
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445091.bat
        58⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        59⤵
        Views/modifies file attributes
        
        PID:6500
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        58⤵
        Executes dropped EXE
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445091.bat
        59⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        60⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        59⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445106.bat
        60⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        61⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        60⤵
        Executes dropped EXE
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445122.bat
        61⤵
        
        PID:812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        62⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        61⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445153.bat
        62⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        63⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        62⤵
        Executes dropped EXE
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445184.bat
        63⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        64⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        63⤵
        Executes dropped EXE
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445184.bat
        64⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        65⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        64⤵
        Executes dropped EXE
        
        PID:2216
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445200.bat
        65⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        66⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        65⤵
        Executes dropped EXE
        
        PID:2736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445215.bat
        66⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        67⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        66⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445231.bat
        67⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        68⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        67⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445247.bat
        68⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        69⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        68⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445262.bat
        69⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        70⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        69⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445278.bat
        70⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        71⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        70⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445293.bat
        71⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        72⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        71⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445309.bat
        72⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        73⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        72⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445325.bat
        73⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        74⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        73⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445356.bat
        74⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        75⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        74⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445371.bat
        75⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        76⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        75⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445387.bat
        76⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        77⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        76⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445403.bat
        77⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        78⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        77⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445418.bat
        78⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        79⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        78⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445434.bat
        79⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        80⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        79⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445449.bat
        80⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        81⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        80⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445481.bat
        81⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        82⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        81⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445496.bat
        82⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        83⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        82⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445527.bat
        83⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        84⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        83⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445527.bat
        84⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        85⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        84⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445543.bat
        85⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        86⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        85⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445559.bat
        86⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        87⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        86⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445605.bat
        87⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        88⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        87⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445652.bat
        88⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        89⤵
        Views/modifies file attributes
        
        PID:5840
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        88⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445668.bat
        89⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        90⤵
        Views/modifies file attributes
        
        PID:7416
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        89⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445699.bat
        90⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        91⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        90⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445715.bat
        91⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        92⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        91⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445730.bat
        92⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        93⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        92⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445746.bat
        93⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        94⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        93⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445777.bat
        94⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        95⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        94⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445793.bat
        95⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        96⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        95⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445824.bat
        96⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        97⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        96⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445839.bat
        97⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        98⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        97⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445871.bat
        98⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        99⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        98⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445886.bat
        99⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        100⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        99⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445886.bat
        100⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        101⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        100⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445902.bat
        101⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        102⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        101⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445917.bat
        102⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        103⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        102⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445933.bat
        103⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        104⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        103⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445949.bat
        104⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        105⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        104⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259445964.bat
        105⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        106⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        105⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446011.bat
        106⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        107⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        106⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446027.bat
        107⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        108⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        107⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446042.bat
        108⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        109⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        108⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446058.bat
        109⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        110⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        109⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446073.bat
        110⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        111⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        110⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446105.bat
        111⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        112⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        111⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446136.bat
        112⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        113⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        112⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446136.bat
        113⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        114⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        113⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446151.bat
        114⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        115⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        114⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446183.bat
        115⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        116⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        115⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446198.bat
        116⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        117⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        116⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446229.bat
        117⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        118⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        117⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446245.bat
        118⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        119⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        118⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446261.bat
        119⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        120⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        119⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446276.bat
        120⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        121⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        120⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446307.bat
        121⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        122⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        121⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446323.bat
        122⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        123⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        122⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446339.bat
        123⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        124⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        123⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446370.bat
        124⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        125⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        124⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446385.bat
        125⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        126⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        125⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446417.bat
        126⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        127⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        126⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446432.bat
        127⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        128⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        127⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446448.bat
        128⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        129⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        128⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446479.bat
        129⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        130⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        129⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446495.bat
        130⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        131⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        130⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446510.bat
        131⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        132⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        131⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446526.bat
        132⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        133⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        132⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446541.bat
        133⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        134⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        133⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446557.bat
        134⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        135⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        134⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446573.bat
        135⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        136⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        135⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446588.bat
        136⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        137⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        136⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446604.bat
        137⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        138⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        137⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446619.bat
        138⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        139⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        138⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446635.bat
        139⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        140⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        139⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446666.bat
        140⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        141⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        140⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446682.bat
        141⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        142⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        141⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446697.bat
        142⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        143⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        142⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446713.bat
        143⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        144⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        143⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446744.bat
        144⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        145⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        144⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446760.bat
        145⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        146⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        145⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446791.bat
        146⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        147⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        146⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446807.bat
        147⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        148⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        147⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446822.bat
        148⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        149⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        148⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446822.bat
        149⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        150⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        149⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446838.bat
        150⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        151⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        150⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446869.bat
        151⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        152⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        151⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446900.bat
        152⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        153⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        152⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446916.bat
        153⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        154⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        153⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446931.bat
        154⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        155⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        154⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446963.bat
        155⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        156⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        155⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446963.bat
        156⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        157⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        156⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446978.bat
        157⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        158⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        157⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259446994.bat
        158⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        159⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        158⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447025.bat
        159⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        160⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        159⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447041.bat
        160⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        161⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        160⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447072.bat
        161⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        162⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        161⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447087.bat
        162⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        163⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        162⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447087.bat
        163⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        164⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        163⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447103.bat
        164⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        165⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        164⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447119.bat
        165⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        166⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        165⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447150.bat
        166⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        167⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        166⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447165.bat
        167⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        168⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        167⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447181.bat
        168⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        169⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        168⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447181.bat
        169⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        170⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        169⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447197.bat
        170⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        171⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        170⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447212.bat
        171⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        172⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        171⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447212.bat
        172⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        173⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        172⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447243.bat
        173⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        174⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        173⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447275.bat
        174⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        175⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        174⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447290.bat
        175⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        176⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        175⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447306.bat
        176⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        177⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        176⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447321.bat
        177⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        178⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        177⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447384.bat
        178⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        179⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        178⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447399.bat
        179⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        180⤵
        Drops file in System32 directory
        
        PID:10364
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        179⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447415.bat
        180⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        180⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447431.bat
        181⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        182⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        181⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447446.bat
        182⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        183⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        182⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447446.bat
        183⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        183⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447462.bat
        184⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        185⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        184⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447477.bat
        185⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        186⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        185⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447493.bat
        186⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        186⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447524.bat
        187⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        187⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447540.bat
        188⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        188⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447555.bat
        189⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        189⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447555.bat
        190⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        190⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447571.bat
        191⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        192⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        191⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447602.bat
        192⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        193⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        192⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447618.bat
        193⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        193⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447649.bat
        194⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        195⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        194⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447680.bat
        195⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        195⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447696.bat
        196⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        196⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447696.bat
        197⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        198⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        197⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447727.bat
        198⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        198⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447743.bat
        199⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        200⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        199⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447758.bat
        200⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        200⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447774.bat
        201⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        201⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447789.bat
        202⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        203⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        202⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447805.bat
        203⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        204⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        203⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447821.bat
        204⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\ffIGBWD1046.exe" -r -a -s -h
        205⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        204⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447836.bat
        205⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        205⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447852.bat
        206⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        206⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447867.bat
        207⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        207⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447883.bat
        208⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        208⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447899.bat
        209⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        209⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447914.bat
        210⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        210⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447914.bat
        211⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        211⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447945.bat
        212⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        212⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447945.bat
        213⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        213⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447961.bat
        214⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        214⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447977.bat
        215⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        215⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259447992.bat
        216⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        216⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448023.bat
        217⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        217⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448039.bat
        218⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        218⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448055.bat
        219⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        219⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448086.bat
        220⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        220⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448117.bat
        221⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        221⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448133.bat
        222⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        222⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448164.bat
        223⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        223⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448179.bat
        224⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        224⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448195.bat
        225⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        225⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448195.bat
        226⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        226⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448211.bat
        227⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        227⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448226.bat
        228⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        228⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448258.bat
        229⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        229⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448273.bat
        230⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        230⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448289.bat
        231⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        231⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448304.bat
        232⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        232⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448320.bat
        233⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        233⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448336.bat
        234⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        234⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448351.bat
        235⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        235⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448382.bat
        236⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        236⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448398.bat
        237⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        237⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448414.bat
        238⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        238⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448445.bat
        239⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        239⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448460.bat
        240⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        240⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448460.bat
        241⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        241⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448476.bat
        242⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        242⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448492.bat
        243⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        243⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448507.bat
        244⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        244⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448554.bat
        245⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        245⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448570.bat
        246⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        246⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448585.bat
        247⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        247⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448616.bat
        248⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        248⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448632.bat
        249⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        249⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448648.bat
        250⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        250⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448679.bat
        251⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        251⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448710.bat
        252⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        252⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448726.bat
        253⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        253⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448757.bat
        254⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        254⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448772.bat
        255⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        255⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448772.bat
        256⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        256⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448804.bat
        257⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        257⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448819.bat
        258⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        258⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448835.bat
        259⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        259⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448850.bat
        260⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        260⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448882.bat
        261⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        261⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448897.bat
        262⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        262⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448913.bat
        263⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        263⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448928.bat
        264⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        264⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448944.bat
        265⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        265⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448975.bat
        266⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        266⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259448991.bat
        267⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        267⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449022.bat
        268⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        268⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449038.bat
        269⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        269⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449084.bat
        270⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        270⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449100.bat
        271⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        271⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449116.bat
        272⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        272⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449147.bat
        273⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        273⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449178.bat
        274⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        274⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449194.bat
        275⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        275⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449209.bat
        276⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        276⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449225.bat
        277⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        277⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449240.bat
        278⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        278⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449256.bat
        279⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        279⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449272.bat
        280⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        280⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449287.bat
        281⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        281⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449318.bat
        282⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        282⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449350.bat
        283⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        283⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449365.bat
        284⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        284⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449381.bat
        285⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        285⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449396.bat
        286⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        286⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449412.bat
        287⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        287⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449428.bat
        288⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        288⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449459.bat
        289⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        289⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449490.bat
        290⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        290⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449506.bat
        291⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        291⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449521.bat
        292⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        292⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449537.bat
        293⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        293⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449552.bat
        294⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        294⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449568.bat
        295⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        295⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449584.bat
        296⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        296⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449599.bat
        297⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        297⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449615.bat
        298⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        298⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449630.bat
        299⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        299⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449646.bat
        300⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        300⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449646.bat
        301⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        301⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449677.bat
        302⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        302⤵
        Drops file in System32 directory
        
        PID:8512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449708.bat
        303⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        303⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449724.bat
        304⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        304⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449740.bat
        305⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        305⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449771.bat
        306⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        306⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449802.bat
        307⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        307⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449818.bat
        308⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        308⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449833.bat
        309⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        309⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449864.bat
        310⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        310⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449896.bat
        311⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        311⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449896.bat
        312⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        312⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449911.bat
        313⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        313⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449927.bat
        314⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        314⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449942.bat
        315⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        315⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449942.bat
        316⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        316⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449958.bat
        317⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        317⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449974.bat
        318⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        318⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259449989.bat
        319⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        319⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450036.bat
        320⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        320⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450052.bat
        321⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        321⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450067.bat
        322⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        322⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450083.bat
        323⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        323⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450098.bat
        324⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        324⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450114.bat
        325⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        325⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450130.bat
        326⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        326⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450161.bat
        327⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        327⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450176.bat
        328⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        328⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450192.bat
        329⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        329⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450223.bat
        330⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        330⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450239.bat
        331⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        331⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450254.bat
        332⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        332⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450286.bat
        333⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        333⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450301.bat
        334⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        334⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450317.bat
        335⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        335⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450332.bat
        336⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        336⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450364.bat
        337⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        337⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450379.bat
        338⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        338⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450410.bat
        339⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        339⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450426.bat
        340⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        340⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450442.bat
        341⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        341⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450473.bat
        342⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        342⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450488.bat
        343⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        343⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450504.bat
        344⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        344⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450520.bat
        345⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        345⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450535.bat
        346⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        346⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450551.bat
        347⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        347⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450566.bat
        348⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        348⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450582.bat
        349⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        349⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450582.bat
        350⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        350⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450598.bat
        351⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        351⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450629.bat
        352⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        352⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450644.bat
        353⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        353⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450676.bat
        354⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        354⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450722.bat
        355⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        355⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450738.bat
        356⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        356⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450754.bat
        357⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        357⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450769.bat
        358⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        358⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450785.bat
        359⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        359⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\d8008d8e164c259450816.bat
        360⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\ffIGBWD1046.exe
        
        C:\Windows\system32\ffIGBWD1046.exe
        360⤵
        
        PID:8392

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4405658339464427081840228304-66112985-1150416277825970682-6693297631624015667"
1⤵
PID:1500

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1514187856-1745912923-917899585795336649-1573915286-15351550772144841229-88070595"
1⤵
PID:1672

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1919202407-1432757996366436738-509744990-647165283-9909335411820971233-315115282"
1⤵
PID:1728

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1874566896-38258792694213319-857804871-16108041061873487650-16972442-1303137663"
1⤵
PID:316

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "293469665662802663689543411-135779972218341146640164551-92254724-518069659"
1⤵
PID:2260

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-659332948510547597-18070772121190673671-2115390897394297338-81609041833913036"
1⤵
PID:1524

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1352304491-108206872-1909570571-1289701692023902785802782823-275070794-1309646350"
1⤵
PID:2532

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1402453307-269816733-15443264971599278283-541320463-86807747519902142962117787864"
1⤵
PID:2308

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-183817579320266968918046810851273230801-1896616806-1609925490-252466342-223759596"
1⤵
PID:2524

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "108245989970681872410411391611869931658957586238-959106320-1057761027-160650750"
1⤵
PID:2916

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-82495615117260982871138057741-17867225466295564521823216719-8180896931639181147"
1⤵
PID:2448

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1529580346-1860535872-12096674601026139471963636721043400212-151588843-490091516"
1⤵
PID:2204

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "498473646-693040067-153241053520946309111254822022-2110431948898311889-214302942"
1⤵
PID:2132

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13702473812104784912-1915598953-20052050852007220610400503661245164778-1339974701"
1⤵
PID:2836

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "176513727-4807200071679835567-202683100419036908001977278316-173433309-1271827064"
1⤵
PID:2244

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1582413483164316704121096707161461072467309806763-4646809945206545851112179158"
1⤵
PID:892

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14287885261930076179365480517964885256-475324707-61769239511915104211935013315"
1⤵
PID:1444

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1403437459-7628152799701017412132540981-20298021951095479851344204176247605878"
1⤵
PID:3952

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1490565654-713745574-4905968961864040822-8144428141147190561-1433146643-1794528132"
1⤵
PID:3380

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1334789714-927497758860034940-66762984816677282872047024564-677961341-1918321749"
1⤵
PID:2848

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "963270851172788813421415801008105203801161560753-570369167-2129870831441331574"
1⤵
PID:4272

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "567547367356812830-1912121608233964316193825021-1915571672549739830-822535855"
1⤵
PID:776

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1956242660-166968088315531907991837603347193705906-1493679298-1534641698-1165352496"
1⤵
PID:4108

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1723210173-948021527-13273238301094984441826831209630541142-141367560609934688"
1⤵
PID:4640

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1770379756-528061064-147265396188311666037607866151003884210283342502096525099"
1⤵
PID:4528

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8125487521720932708932521575-12834700281175606587-18241273672133820485-1518897256"
1⤵
PID:4816

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1933910085-1555222963-1891343032338777527-290157183258509179-21423104102043705674"
1⤵
PID:4248

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "244387117054210541208135959659726413-709708940-859849362083649571-1427922630"
1⤵
PID:4564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1910880675-2885922941781734582346689862532856926-1108661192-1479224501-1376192214"
1⤵
PID:4148

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "792732875-33459574612958441118337909881041653798-334910066-581222629-1961655858"
1⤵
PID:5084

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "430945430-19874442511981052973542416578710708960211602510718987837801470147214"
1⤵
PID:3212

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "313516400600955516215790817-2382390471303664223-1657500747-1330406851-2102778338"
1⤵
PID:2924

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-773922771-642551154-85622608-483871597-1702838919-1979974573273770711588433226"
1⤵
PID:5876

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2021536189-7442832252145927361-1620929526-4544268831441454172486195653-1485088003"
1⤵
PID:5196

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "169607285-490868627-889367877-1255732113-147376957661605262582678-294492273"
1⤵
PID:5676

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "810877747-1703376557-1327487659575732888549338144402025741798661394-1108915999"
1⤵
PID:3196

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6970144011110567052299991518-1319379738-838396290874744649779825819542043289"
1⤵
PID:6408

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "573846103640658287-482417106-197262032-1062444620579682271749598569853109507"
1⤵
PID:6612

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1988804801993258846737168460-1842969656-18076594254302089-14685186311905458618"
1⤵
PID:6692

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1815733229-1176922295-1106245995-294218382-4191968819221806971469093277-1341043675"
1⤵
PID:6804

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-311630679-766234830-7067185781221046194-2072447521-212044358-1456024065-118982255"
1⤵
PID:6232

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19293285771598683943-18601143251629375314-8725824861646024352-2598605612008365672"
1⤵
PID:6344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "352625648-9351072571817623736-13448221541767580516670409234892382821520059061"
1⤵
PID:6704

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "79440284-1695541021-1008437726-106439552346993991168490373-1483644376123500445"
1⤵
PID:7736

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1996113438-436217863675284450506332344-111794158015892756991940050781-85490145"
1⤵
PID:7256

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1694045901-6380475032113150800-14987128511386495126-434842601-977497812-1580533656"
1⤵
PID:7956

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1415240072-65367846450488221661065293-506717831028694603449185143-58089039"
1⤵
PID:7236

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2087738371-1415335225-846175188-773489306-123223671584370519013187273141943534741"
1⤵
PID:7484

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9561408301289562288-419875761-189372121144567945-878007076-1181283276-1353239617"
1⤵
PID:8464

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1990531529-1214269301389257066-1347003077576083380-617811450-652866735-572654759"
1⤵
PID:8940

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12547799588925233771411437472684507471104601925186518195317244838521280063993"
1⤵
PID:8036

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4223777821787067617-1163301659-13451007112143198030-2060160672265941198-79823833"
1⤵
PID:7740

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20534459751380198396-838758281-15445010681315828417431553914-18312404421320045062"
1⤵
PID:8652

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1299711112-23983303-1212744922-1173335344932891468-1683135915-16299404667697209"
1⤵
PID:9532

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1882564297-603210641528569499-1127528060-18749510375600392312299788371763147433"
1⤵
PID:9604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2076242532-537304569831835250-2077444570-2079964677-57668158-1272076230532397958"
1⤵
PID:6748

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-187922899-994182417-459911255148401144-1242108692-648825494467926419-497360240"
1⤵
PID:9208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\d8008d8e164c259443671.bat

Filesize
332B

MD5
f6289065a794a613e1d2fd49bb17bab1

SHA1
cc15e9bdb1d2a646101bcd49927662ba7d31d55a

SHA256
b75e12a8c76d90d520a6f55c69dce9966233e101e2ffa15b467db976b5467312

SHA512
325e31e45ae19a25d32778d61d80db63926f354deee92641f2ddbe253686194f856810148dbc1db993898ae2f4aea68b32793bc47e57badb0fc32e0472864d95

Download Submit
C:\d8008d8e164c259443687.bat

Filesize
185B

MD5
8d74e1a14bae7ebb712257c74587f767

SHA1
18a943036dbe03393148d76ea78239cb532dbc96

SHA256
efc8c07f895f31a9d4cee35e8a5cf58a865ccaaf255381ce3086ee1dbaa92812

SHA512
f48f622f79111455928d6e34ddc7cca8ec346183bd4966d69aadb4c341c9635ed29f9799589c52b8bbb9b6fbe2bebf90fb96e62ed6fb9c859f49e5f3cf73321e

Download Submit
\Windows\SysWOW64\ffIGBWD1046.exe

Filesize
2KB

MD5
40ba1455487b1ae8b76c6e89bd20aa1d

SHA1
d76004bb31a5a7a00b950f7349861e346c46cd23

SHA256
2203945283b793cba3d79605d3ffb421b7b74c5d0604885e2797f80e62348eb4

SHA512
0e0142cd26e541dd2ecf2b3ea9612c00773153f2075933e754f84b69dcd84859755a6db81fe73bf67dfd810d6002da2eea8fe1de4cdef4db37aea31550412481

Download Submit
memory/1384-329-0x0000000077130000-0x000000007722A000-memory.dmp

Filesize
1000KB

Download
memory/1384-328-0x0000000077010000-0x000000007712F000-memory.dmp

Filesize
1.1MB

Download