44ef5989e265bb5a1c8bcb0033ff0708f3f902d3cbc4f2ea473848ab3b8b2a61

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 11:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe
Size

96KB
MD5

458cdbe6a7645633cf217959df60191b
SHA1

a1d352d01f1ba6def14a52d93eb3412dcb7205ab
SHA256

44ef5989e265bb5a1c8bcb0033ff0708f3f902d3cbc4f2ea473848ab3b8b2a61
SHA512

5302c602a91a533b18813573c273255aae295c6b46cd378b9d5344c2015d92f4e372085caa7d94be456696045e7b4e34b9abe1ed50bb2657b408b788e9111219
SSDEEP

768:2nSdwkv8m0Q2MGTcJpzy/lLvX1+LZ0jXEuGm:2YHvZ8MG4zON5i0jbx

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3432	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
2628	dhdins.exe
1236	dhdins.exe
2328	dhdins.exe
1988	dhdins.exe
2208	dhdins.exe
1364	dhdins.exe
2232	dhdins.exe
2484	dhdins.exe
2688	dhdins.exe
2576	dhdins.exe
584	dhdins.exe
644	dhdins.exe
2940	dhdins.exe
2920	dhdins.exe
1876	dhdins.exe
2396	dhdins.exe
1332	dhdins.exe
1860	dhdins.exe
1268	dhdins.exe
752	dhdins.exe
804	dhdins.exe
308	dhdins.exe
1848	dhdins.exe
3056	dhdins.exe
1480	dhdins.exe
2776	dhdins.exe
2636	dhdins.exe
2904	dhdins.exe
2440	dhdins.exe
2836	dhdins.exe
1772	dhdins.exe
2052	dhdins.exe
1760	dhdins.exe
668	dhdins.exe
1040	dhdins.exe
1692	dhdins.exe
2180	dhdins.exe
2176	dhdins.exe
2724	dhdins.exe
2252	dhdins.exe
2508	dhdins.exe
3540	dhdins.exe
1664	dhdins.exe
3488	dhdins.exe
3912	dhdins.exe
1972	dhdins.exe
3368	dhdins.exe
3732	dhdins.exe
3376	Process not Found
3436	Process not Found
868	Process not Found
3884	Process not Found
3988	Process not Found
3748	Process not Found
3876	Process not Found
3512	Process not Found
3932	Process not Found
3204	Process not Found
2752	Process not Found
3140	Process not Found
3952	Process not Found
3944	Process not Found
2452	Process not Found
3408	Process not Found

Loads dropped DLL 64 IoCs

pid	Process
2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe
2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe
2628	dhdins.exe
2628	dhdins.exe
1236	dhdins.exe
1236	dhdins.exe
2328	dhdins.exe
2328	dhdins.exe
1988	dhdins.exe
1988	dhdins.exe
2208	dhdins.exe
2208	dhdins.exe
1364	dhdins.exe
1364	dhdins.exe
2232	dhdins.exe
2232	dhdins.exe
2484	dhdins.exe
2484	dhdins.exe
2688	dhdins.exe
2688	dhdins.exe
2576	dhdins.exe
2576	dhdins.exe
584	dhdins.exe
584	dhdins.exe
644	dhdins.exe
644	dhdins.exe
2940	dhdins.exe
2940	dhdins.exe
2920	dhdins.exe
2920	dhdins.exe
1876	dhdins.exe
1876	dhdins.exe
2396	dhdins.exe
2396	dhdins.exe
1332	dhdins.exe
1332	dhdins.exe
1860	dhdins.exe
1860	dhdins.exe
1268	dhdins.exe
1268	dhdins.exe
752	dhdins.exe
752	dhdins.exe
804	dhdins.exe
804	dhdins.exe
308	dhdins.exe
308	dhdins.exe
1848	dhdins.exe
1848	dhdins.exe
3056	dhdins.exe
3056	dhdins.exe
1480	dhdins.exe
1480	dhdins.exe
2776	dhdins.exe
2776	dhdins.exe
2636	dhdins.exe
2636	dhdins.exe
2904	dhdins.exe
2904	dhdins.exe
2440	dhdins.exe
2440	dhdins.exe
2836	dhdins.exe
2836	dhdins.exe
1772	dhdins.exe
1772	dhdins.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\dhdpri.dll	dhdins.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdini.dll	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	dhdins.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdpri.dll	dhdins.exe
File opened for modification	C:\Windows\SysWOW64\dhdini.dll	dhdins.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File created	C:\Windows\SysWOW64\dhdpri.dll	dhdins.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdini.dll	Process not Found
File opened for modification	C:\Windows\SysWOW64\dhdins.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	Process not Found

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	dhdins.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ThreadingModel = "Apartment"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32\ = "C:\\Windows\\SysWow64\\dhdpri.dll"	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42311A42-AC1B-158F-FD32-5674345F23A4}\InprocServer32	dhdins.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe
2628	dhdins.exe
1236	dhdins.exe
2328	dhdins.exe
1988	dhdins.exe
2208	dhdins.exe
1364	dhdins.exe
2232	dhdins.exe
2484	dhdins.exe
2688	dhdins.exe
2576	dhdins.exe
584	dhdins.exe
644	dhdins.exe
2940	dhdins.exe
2920	dhdins.exe
1876	dhdins.exe
2396	dhdins.exe
1332	dhdins.exe
1860	dhdins.exe
1268	dhdins.exe
752	dhdins.exe
804	dhdins.exe
308	dhdins.exe
1848	dhdins.exe
1848	dhdins.exe
3056	dhdins.exe
3056	dhdins.exe
1480	dhdins.exe
1480	dhdins.exe
2776	dhdins.exe
2776	dhdins.exe
2776	dhdins.exe
2636	dhdins.exe
2636	dhdins.exe
2904	dhdins.exe
2904	dhdins.exe
2904	dhdins.exe
2440	dhdins.exe
2440	dhdins.exe
2440	dhdins.exe
2836	dhdins.exe
2836	dhdins.exe
2836	dhdins.exe
1772	dhdins.exe
1772	dhdins.exe
1772	dhdins.exe
2052	dhdins.exe
2052	dhdins.exe
2052	dhdins.exe
1760	dhdins.exe
1760	dhdins.exe
1760	dhdins.exe
668	dhdins.exe
668	dhdins.exe
668	dhdins.exe
1040	dhdins.exe
1040	dhdins.exe
1040	dhdins.exe
1040	dhdins.exe
1692	dhdins.exe
1692	dhdins.exe
1692	dhdins.exe
1692	dhdins.exe
2180	dhdins.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2964	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	30
PID 2876 wrote to memory of 2964	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	30
PID 2876 wrote to memory of 2964	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	30
PID 2876 wrote to memory of 2964	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	30
PID 2876 wrote to memory of 2628	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	31
PID 2876 wrote to memory of 2628	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	31
PID 2876 wrote to memory of 2628	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	31
PID 2876 wrote to memory of 2628	2876	458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe	31
PID 2628 wrote to memory of 2588	2628	dhdins.exe	33
PID 2628 wrote to memory of 2588	2628	dhdins.exe	33
PID 2628 wrote to memory of 2588	2628	dhdins.exe	33
PID 2628 wrote to memory of 2588	2628	dhdins.exe	33
PID 2628 wrote to memory of 1236	2628	dhdins.exe	35
PID 2628 wrote to memory of 1236	2628	dhdins.exe	35
PID 2628 wrote to memory of 1236	2628	dhdins.exe	35
PID 2628 wrote to memory of 1236	2628	dhdins.exe	35
PID 2964 wrote to memory of 2268	2964	cmd.exe	36
PID 2964 wrote to memory of 2268	2964	cmd.exe	36
PID 2964 wrote to memory of 2268	2964	cmd.exe	36
PID 2964 wrote to memory of 2268	2964	cmd.exe	36
PID 2588 wrote to memory of 2192	2588	cmd.exe	37
PID 2588 wrote to memory of 2192	2588	cmd.exe	37
PID 2588 wrote to memory of 2192	2588	cmd.exe	37
PID 2588 wrote to memory of 2192	2588	cmd.exe	37
PID 1236 wrote to memory of 992	1236	dhdins.exe	38
PID 1236 wrote to memory of 992	1236	dhdins.exe	38
PID 1236 wrote to memory of 992	1236	dhdins.exe	38
PID 1236 wrote to memory of 992	1236	dhdins.exe	38
PID 2588 wrote to memory of 1488	2588	cmd.exe	40
PID 2588 wrote to memory of 1488	2588	cmd.exe	40
PID 2588 wrote to memory of 1488	2588	cmd.exe	40
PID 2588 wrote to memory of 1488	2588	cmd.exe	40
PID 1236 wrote to memory of 2328	1236	dhdins.exe	41
PID 1236 wrote to memory of 2328	1236	dhdins.exe	41
PID 1236 wrote to memory of 2328	1236	dhdins.exe	41
PID 1236 wrote to memory of 2328	1236	dhdins.exe	41
PID 992 wrote to memory of 2472	992	cmd.exe	42
PID 992 wrote to memory of 2472	992	cmd.exe	42
PID 992 wrote to memory of 2472	992	cmd.exe	42
PID 992 wrote to memory of 2472	992	cmd.exe	42
PID 2964 wrote to memory of 2188	2964	cmd.exe	43
PID 2964 wrote to memory of 2188	2964	cmd.exe	43
PID 2964 wrote to memory of 2188	2964	cmd.exe	43
PID 2964 wrote to memory of 2188	2964	cmd.exe	43
PID 2964 wrote to memory of 2228	2964	cmd.exe	44
PID 2964 wrote to memory of 2228	2964	cmd.exe	44
PID 2964 wrote to memory of 2228	2964	cmd.exe	44
PID 2964 wrote to memory of 2228	2964	cmd.exe	44
PID 2328 wrote to memory of 2660	2328	dhdins.exe	46
PID 2328 wrote to memory of 2660	2328	dhdins.exe	46
PID 2328 wrote to memory of 2660	2328	dhdins.exe	46
PID 2328 wrote to memory of 2660	2328	dhdins.exe	46
PID 992 wrote to memory of 2348	992	cmd.exe	45
PID 992 wrote to memory of 2348	992	cmd.exe	45
PID 992 wrote to memory of 2348	992	cmd.exe	45
PID 992 wrote to memory of 2348	992	cmd.exe	45
PID 2588 wrote to memory of 2868	2588	cmd.exe	47
PID 2588 wrote to memory of 2868	2588	cmd.exe	47
PID 2588 wrote to memory of 2868	2588	cmd.exe	47
PID 2588 wrote to memory of 2868	2588	cmd.exe	47
PID 2328 wrote to memory of 1988	2328	dhdins.exe	49
PID 2328 wrote to memory of 1988	2328	dhdins.exe	49
PID 2328 wrote to memory of 1988	2328	dhdins.exe	49
PID 2328 wrote to memory of 1988	2328	dhdins.exe	49

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
7768	Process not Found
4360	Process not Found
4976	Process not Found
7476	Process not Found
7512	Process not Found
9144	Process not Found
772	Process not Found
6940	Process not Found
6168	Process not Found
3384	Process not Found
7100	Process not Found
8900	Process not Found
2684	attrib.exe
4592	Process not Found
7096	Process not Found
7272	Process not Found
4068	Process not Found
752	Process not Found
8548	Process not Found
6700	Process not Found
1904	attrib.exe
5392	Process not Found
4668	Process not Found
9208	Process not Found
6832	Process not Found
7648	Process not Found
7396	Process not Found
8640	Process not Found
2932	attrib.exe
4256	Process not Found
2112	Process not Found
5716	Process not Found
5184	Process not Found
5428	Process not Found
8080	Process not Found
8204	Process not Found
8812	Process not Found
7268	Process not Found
3968	Process not Found
5548	Process not Found
4592	Process not Found
7036	Process not Found
6408	Process not Found
8492	Process not Found
3568	Process not Found
4576	Process not Found
4464	Process not Found
8156	Process not Found
8108	Process not Found
7628	Process not Found
6040	Process not Found
7036	Process not Found
7936	Process not Found
7356	Process not Found
8184	Process not Found
7656	Process not Found
7272	Process not Found
7808	Process not Found
4048	Process not Found
6512	Process not Found
5564	Process not Found
5584	Process not Found
7908	Process not Found
7868	Process not Found

C:\Users\Admin\AppData\Local\Temp\458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\458cdbe6a7645633cf217959df60191b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\DFD259418009.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2268
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2188
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2228
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2132
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2832
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:1940
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:1936
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:496
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2920
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2824
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:572
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2164
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2884
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:1680
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2748
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2768
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2228
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2460
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:1588
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:868
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2624
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2312
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2500
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:1852
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:848
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2180
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2000
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2508
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:572
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:3040
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:2132
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:896
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:3736
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:3644
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:3272
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
    3⤵
    PID:3516
- C:\Windows\SysWOW64\dhdins.exe
  C:\Windows\system32\dhdins.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\DFD259418103.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2192
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1488
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2868
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2440
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1328
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2116
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1740
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:828
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1676
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2648
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2320
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1380
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1660
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2316
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      Drops file in System32 directory
      PID:1324
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1972
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2832
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2420
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:316
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2344
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2884
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2416
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2508
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      Drops file in System32 directory
      PID:2532
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:600
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:1312
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2976
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2884
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2132
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2620
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:2932
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:600
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:3128
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:4052
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:3868
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:3968
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
      4⤵
      PID:3696
- - C:\Windows\SysWOW64\dhdins.exe
    C:\Windows\system32\dhdins.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1236
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\DFD259418181.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:992
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2472
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2348
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2124
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1312
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:852
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1772
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2292
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:3012
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2620
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2496
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2184
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2384
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2768
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1340
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1944
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:804
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1848
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        Drops file in System32 directory
        
        PID:668
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1548
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2644
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2732
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2872
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:540
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2764
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2724
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:952
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1972
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1936
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2108
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:2852
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:3484
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:3180
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:3456
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:3844
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        5⤵
        
        PID:3536
  - - C:\Windows\SysWOW64\dhdins.exe
      C:\Windows\system32\dhdins.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2328
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418243.bat
        5⤵
        
        PID:2660
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1112
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2444
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1780
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2276
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1016
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2508
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:900
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2708
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1276
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3068
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1332
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1100
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2100
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2140
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2320
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:900
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2056
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1944
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2132
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1276
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2680
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1536
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3048
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:668
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2732
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:696
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:1312
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3064
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:536
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2684
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:2508
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        Drops file in System32 directory
        
        PID:1816
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3564
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3256
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3232
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:4092
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        6⤵
        
        PID:3108
    - - C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1988
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418337.bat
        6⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        Drops file in System32 directory
        
        PID:2696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        7⤵
        
        PID:3648
      - C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418446.bat
        7⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        8⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418555.bat
        8⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        9⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418664.bat
        9⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        10⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418742.bat
        10⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        Views/modifies file attributes
        
        PID:1904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        Drops file in System32 directory
        
        PID:852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        11⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418851.bat
        11⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        Views/modifies file attributes
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        12⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259418945.bat
        12⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        Drops file in System32 directory
        
        PID:2836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        Drops file in System32 directory
        
        PID:3628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        13⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259419007.bat
        13⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        14⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259419101.bat
        14⤵
        
        PID:892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        15⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259419288.bat
        15⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        Drops file in System32 directory
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        16⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259419522.bat
        16⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        17⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259419725.bat
        17⤵
        
        PID:988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        18⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259419959.bat
        18⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        19⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1332
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259420209.bat
        19⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        Drops file in System32 directory
        
        PID:2180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        20⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259420552.bat
        20⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        21⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259420848.bat
        21⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        22⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259421067.bat
        22⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        23⤵
        
        PID:600
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259421379.bat
        23⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        24⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259421706.bat
        24⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        Views/modifies file attributes
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        25⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259422034.bat
        25⤵
        
        PID:900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        26⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259422408.bat
        26⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        27⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1480
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259422627.bat
        27⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        28⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259422970.bat
        28⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        29⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259423282.bat
        29⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        30⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259423609.bat
        30⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        31⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259423875.bat
        31⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        32⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259424405.bat
        32⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        33⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259424842.bat
        33⤵
        
        PID:496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        34⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        33⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259425357.bat
        34⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        35⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        34⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259425918.bat
        35⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        36⤵
        Drops file in System32 directory
        
        PID:3888
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        35⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259426464.bat
        36⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        37⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        36⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259427041.bat
        37⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        38⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        37⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259427509.bat
        38⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        39⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        38⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259428071.bat
        39⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        40⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259428633.bat
        40⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        41⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259429069.bat
        41⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        42⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        41⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259429584.bat
        42⤵
        
        PID:572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        Drops file in System32 directory
        
        PID:3612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        43⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        42⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259430177.bat
        43⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        44⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259430848.bat
        44⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        45⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        44⤵
        Executes dropped EXE
        
        PID:1664
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259431441.bat
        45⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        46⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        45⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259431971.bat
        46⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        47⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        46⤵
        Executes dropped EXE
        
        PID:3912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259432283.bat
        47⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        48⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        47⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259432969.bat
        48⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        49⤵
        
        PID:536
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        48⤵
        Executes dropped EXE
        
        PID:3368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259433562.bat
        49⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\system32\verclsid.exe" -r -a -s -h
        50⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\dhdins.exe
        
        C:\Windows\system32\dhdins.exe
        49⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\DFD259434186.bat
        50⤵
        
        PID:3768

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1937208515149193345-535500227-1325770692146914662868405231612036654662065348244"
1⤵
PID:2220

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "517544822-2661362441642677058132379851238418988320990710692451098011624287876"
1⤵
PID:2648

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-365349272-600328150-90994252-1107948913-1916914797-847820127-460632073-1221836417"
1⤵
PID:556

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1466782500-1116176453-118895404-12483293301255650517383362328-29432078162124594"
1⤵
PID:984

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "151239812361305010-1466542944-4309411111587364002417857337-1501036124-1727390686"
1⤵
PID:2596

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "70225490427749152313985081272024564635590074129-10422179531343705726-1384571669"
1⤵
PID:2164

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-440797616-782609860-391484249-2619912382072984756-1298262559-2085935602-1187785778"
1⤵
PID:2056

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "107576478814888287225521500-2116664694-10817354121345498147881821451513316469"
1⤵
PID:2152

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5254645702005115874-946006876-1792199898-2110396651578023288497734568143811210"
1⤵
PID:2496

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4794895791969899959928040108-244134790-158954640018869108451851244041185988832"
1⤵
PID:2552

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-846101784-3040973687213376792045989472-1321946392832349919-15058100472141873215"
1⤵
PID:1588

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4028546227239582651207451974-1116325219-419731807296874325-1237285852969520491"
1⤵
PID:484

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2044470113-126949984119347257751815571442-238804103-1665941440-1516695441816189627"
1⤵
PID:1488

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1865371907-1575432748738762616-465536544-1381188637155866775119068249271483579293"
1⤵
PID:696

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "813188625-1652822690799188557175254046679256077016215487399968519631968225049"
1⤵
PID:1852

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1535293062-13339761301241910951-1223959732-1084922283283854479300572700-1606054723"
1⤵
PID:2748

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "765590188-84950182810121882911696918853884074409-1601178270954535216-1580549378"
1⤵
PID:952

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "21300969125337728241873183848-1012889656-1901289856-16921229921084674124-1348513511"
1⤵
PID:2248

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1938768069-63115932945458124128623229242026406370505253-1144338091-2110912801"
1⤵
PID:1296

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "52151873410985087001940658560-1782392455-630222407-1153159810-1050168476-1965072173"
1⤵
PID:1536

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-670606671467978221-1994586529435881852-1470076901703808935-1315322182895912812"
1⤵
PID:856

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "180361418710294295492731284071527692450-205678649221747803920052597031151157573"
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DFD259418009.bat

Filesize
176B

MD5
2afeebcd2748d7fe6a9deb1ef8f83046

SHA1
4bddd82d8955f53a4a8ca922286e02858dbe1eda

SHA256
c0348f6f1c884212db58ebedf50a1f852712366063e5e8c3ae9701b0b4f7e731

SHA512
457f362c884681eb306f6c8718abfdc468eb2598ef46a9740381cb89919ffdd34f5e2fe15967eee3559de493f12d5abb6959accc395037f3f8e15e06f13446cd

Download Submit
C:\DFD259448585.bat

Filesize
332B

MD5
47ddbe32338a07e98ef86e2f6680ec03

SHA1
c914c114eb7fb83f61ff1261dc67e4a7085096b7

SHA256
970172362ddcf8b474cc106b2ff42c0109f5783c8d1faca09fd30e082e31965d

SHA512
a2446c02c52502a9492c9273c0b5c696a073e14d60a5d1492a914f4fcdb77842c94055374d87f3e991c2a78786fae58a365f2c71fd67338362fc54e8b498adbe

Download Submit
C:\DFD259448710.bat

Filesize
170B

MD5
6c2b01f77043f9c7dbc252c812c8122c

SHA1
5f8bc3a7eefbad7dc7c2073d9792a86f0d99ae00

SHA256
9ae7327421e2272e265bc43d439c2728a1288c8178e0b5fb2e888ffcf2f92413

SHA512
31f68866f3ad15642ac4ab21ed020df5fa58131fb58b45886fdb4886dac7ac2ed32e60be07b0dd17044061b4ef8abba00015f93bddaf9861deeab9f0dc8069c4

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
0a1b9e73a8c0bc0ac3d7376f0343fbee

SHA1
3c578440a3964106c11867729e90b695192e6f52

SHA256
388a63c1064133da28550c6c33a20b121ff69ed023bae677a43fb3483588d3fa

SHA512
6291cec1650990a475ca0817d536bd16db4e6300bce0088da441223645adc92da3fd7950b4c607d1b267c2b26a68b034761ce712523d8505cccdd87dfbff5171

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
cad602bbe6999173909ffdfe600fa45b

SHA1
04a99f1e346fda3816ddd780ca41e8066d7947b5

SHA256
fd3de225680f1bc5a66b908cc64217eb5bf26ad5185e8567edee89fe69f05ad5

SHA512
3aca73d677f361f5e8f9e3f124ea99fb422b9cb48f2811571395519e56c53563588b83dd1d51bd2cff24c257491f745fe8ade04b4917816dde600a25603f6661

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
43bfcf2491c62399bf817a5c6f1db564

SHA1
67dcdebad62765982a074e2ab478db65bfdad083

SHA256
ccd9939fa2799609f5b0383af289aeb9b1d79d7db538e09efec2babb4d23581b

SHA512
16856bf6a1d4a08f6c879d5cec8d310f4ee500e7ea5e87412ceed8b13cd095219b87f7cd17c68845eac639e05a156f3df89805106a3dec22d2eddfae6e2c79e3

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
051bd0c620082c8117e03e88bbe413d0

SHA1
1e5031c88bfa724607535670d07404a9ce26f00b

SHA256
c934edd508890d2836134a3021e44337560ec94fcc330ce9f28c5d3c881f89f3

SHA512
3f3533c4f59cd218b5ac56b821286ea229444f6a9ea287513317942bd427d014c48ae16fa71537f8e5c9c0c6900fe7ec793f32fd8150c1fb2dbd2ff56b543a74

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
71693676329ae4e868292a8f707b239c

SHA1
f3583b059f7341a00f8bfcf567d2c063f570c206

SHA256
4775368d88c55c8c3d8238e95d1394ceb9adf9d17a4df77a4d6d2df08cce9a74

SHA512
c88241a6495a7a9139671fde60fb837dfdd917a5a75da7c66bc828fa295d129178a6bdb8a61fb94519f121542c1eca03952c41fe615021fd7709a339800917fa

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
9383770d301ac68b241524901fcd21ff

SHA1
e02c0c4e579c0d5e4c8549ddaf703c98b5ac491b

SHA256
00c2188a1e959c6ecd6f95fffbfefad22c8c25fc38d2f5353a343cf45bfa3a84

SHA512
de7178279438343ed2f687367e462f98a3b516cded027e8b623d7467452d30cd0941ed86cc07326248f4cb7165e9680c374df39312fdf17dbee1b5f616224262

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
ee5f49602dce75d3a544baa4cb203ed7

SHA1
2672308dbd469ecafb11d15a38f4f7819a808f52

SHA256
387a347247dfb28f0274fa8ce8944975d47c5dc403d523d2ff034276f12257e3

SHA512
b334445ec303f5c3b7d81bbac720a5b82f0042fb7e468a3efc8b3d343399e1524a976cf684de44bb3298aa1e41452ab177e9c99b56bb6844ee2114759e12b208

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
233B

MD5
0bc4351dce80352ea66aeb21fa36761e

SHA1
605a1b7ddd9b764e6b80fc36fc2addd284291e47

SHA256
1bb40db7e5374421c83c87374ff77ab6893372a035576338f7f73e5a09561de9

SHA512
e8a31ca1cdf666347b2d63a71876ed43160d45cb85b6b0607a68a4a552bde62f0ec198bf786634b682c46ee6a98e8dd9866cc539e3342ab69ecdfc2dec62b981

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
68ff2250de178a14183d7fd4c5ee9107

SHA1
0467a131036dcbe5ef3bec99eae908c9d45c6945

SHA256
5fe5dbd22fb233d58630a842ab024e790bc09856c36c955d319d2b00d760fb14

SHA512
119991895fd363d6f6d2eccfad4c873e0e696e2f8312786566c4d60185a358dfcb48096636e40caa5add5490c6f4a6cea5949d42115560bcdca5421231708fce

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
38544989389270141b57b2e8337998b5

SHA1
8744dc8eac63eba69850a68071095d5f02f647bb

SHA256
7eb557553b75d94b852bc18f030c1bc4ef465fea577b8fb86767bbbcc608bf7f

SHA512
88e5ea4f68e17667590e3c6d7674069708374c3fbf0ab1386d9ca3079cf73c11e3a2418c0b9303c9e1a35248bef38800625c093ee72d71e17aedb0dc9bd05b7b

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
26f6b7a91ad78a836b4373db49801a6e

SHA1
996e7fe7a93a64f6fd9240ceac27ebe00a592162

SHA256
b61c57ceae8efe4ffbfd0d4859c3a4354d2368036f7e7d000a4c94442ab5e1da

SHA512
389231a6e0df0f7e64ca72047297e0e49b8e715846319b08d1edafb05fffb5b63bc247faa40c4bc76bdc4733f4139b065a3c1bfcd91dccec723f3848bc26fe64

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
7680d2d7836d0aa2ee52204d8c4028d9

SHA1
44ef1141c551498294f818206a47dbc8cb074b26

SHA256
1be7b738abca5567f6f21029b695ece70ef59669e81db5de085eaa5cd77dd0d0

SHA512
e29f45cc632938bfeb7f515ebb59788cbf9db8ce25d8b678a53e44dbf429aa0b8274adb8bfd1a7e4383d580a92831dc7d6bbc21a586464dca945f95dcb6d2547

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
5c8604edb197fe12f6e83fe903a7be15

SHA1
afb7e49c1d3c02d3ec011d4822f45d3dbed6814d

SHA256
e36b76b143e3b60f16f9653050041de6d02159e1f12b81aa98e7ed47166d8d12

SHA512
549b1fe5973b189d52f0d7d4f0ddfa270c4e335a4fe77c9b2fc43a06bfe2e13abc48ecf0fdbd01f1572f1ac47f34ea879232ebc7512d150ee05a52c04fc5a6b6

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
2636e688b0527339135288fc00644993

SHA1
87ae6a323d1c698ab5b7458673f1698ab9aeb3c3

SHA256
0c8dce15d3352295343ac020bedef264dfd13f040126ed7fe5a4c3a11847776c

SHA512
64149572dabbcfb4d4ba40fd081aece85a5e0622326f8699ed31664f066fb538bc004c49666733840acdd0bbd07d234babc4a2be34ca73fae01b602cb943c078

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
8e954060944c013a5f0a686f9ec78228

SHA1
df17707a8a45f98a4319de744da362a83c19501b

SHA256
93d70a193681779426b1b08e31965a209fe1bfceff5524ba93024ac28eccc498

SHA512
d482e997698b3fb83d519223443b70a4336c62c46dba76a2e8cb585d371765a1e1f321a9a863e66f0138c8ca735f3eacc8a3a3d77ce53a8cdd6f77244de55cfc

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
505cf96a5b204c6e40bf90cc2a8cd8cb

SHA1
374815e396ffc8f5e329e4e9ab34d0f66130a7f4

SHA256
08993bee3382916c7b6f198b8715a36c61ae75a30eee3de05d638536bc85242d

SHA512
f6a7723cf2d0acd4b14beacb3d9065b9fa8ebd7f919cc6c7fd801d5a4440f21ca726a5af8677daa0f7886ed9a6d2ac9f0164fe508fe782c563516309084628e7

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
bdbfa422a53b66aee3a316dc4c41c3be

SHA1
efe43dfab5111e6272536c2b4de498bdcff7b655

SHA256
4681d6495c345206c606d1abedf53d5548146a133ab37ebd3602414e9c58ab64

SHA512
bbb2fe2ad07e050fce4c79cb623c3e999d958c2c87660582f3af0682abce3ce7ae83d4a842710d58fb3ffc901f70dded894def8f63235e6f111849c516f1f850

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
0c87ea759c0cb332583ad0f636b5b1b4

SHA1
17d255b9a4581cc125ba1e263574c45fd03b866a

SHA256
0be5d47491591d6e2ee8fb548149515fa7f3c6a49180127615e743a65620050d

SHA512
4494470ef4130b461bd7de8e924d61ebe700b473d037a5ebb80c77f23da67dbf586e3f35c97c925925a43e5432b32a7b94099eacfa8113a2a7cc451cffe56f3e

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
f9201d4358e19f8970e4847854df8599

SHA1
525d552924e9a4035766a09ec2de6e2d978cf3d7

SHA256
b1bb07c017efc60a682c2d797aa9a1927b704642320d74730ea2ed5eba39b2e7

SHA512
140f4c4d6233565d70ba579ae2b2ccd33b0878cbd1dcd0e1ecc9226e39e1ffa3ddd63c5d8f608b625d43723c3f251190b1658358daa27b5091d9a98cabbbcab3

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
fb9acfe3e789231bd82a3a0cb8776a5f

SHA1
0c4034f5e90e4f67be1ba423f0c1426c89164251

SHA256
223705b3f32803957a6cb11b8daaaeae9c924f4581fb1e41f1b2b3b619a9199a

SHA512
f7366befdd156cfc53a578dacb38a07b89633cb6433cf9dc97ad00d314d5184b2508c34716d36c374793d927bfee540570b2e7c48164e8effa9cc118a156bb2d

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
278B

MD5
419da41e48567af1e78415e450a2625a

SHA1
0acf550c42b27e76e73f3abd328817877ceb77ff

SHA256
add57dc6dad6011f322c51d54b1f25376971e2980b35499ca25aa0d25342259c

SHA512
f067dfd186fe783e26e9474feed5c75e7ec7c0a1eb972346b5f5ef6d3240769a84328cdfdb413f5a1db8e6b791cc15e2be3d5b742c93469ece0d35c324f43903

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
ba17c50771ff42676588c221d8f92760

SHA1
c0f8b213748ccd84412bceb3b0860c7093c3f59e

SHA256
19a59b16e0d5b1b380f16ddd7e056978a1497db92bb15a9429daa00d65e9f6be

SHA512
03865039af669b8db7653d03f106597cff0dd7de5ffa02e752b5dbbf1bd4d1378afd1acf9064ad22cb630d4f566cead1c003bbd7b4dea8237a2b41c60f2e7ae2

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
db5c934aade3ab22bd8df2925fd6d3cc

SHA1
85a3268cbb9ca384261fdb07bd466ebe09b8aa46

SHA256
be19d60c0043613505bf76154a8b35cd8534e1b279db63d80e715dc129b6b334

SHA512
7195a8d887ccdb954bfe9ef8a9c73177f35e2c48d2c9861e19e9a47ff489707d134521f3bbeff66f723ff097858bb262620fd8381490a317fe61f5a9916d0158

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
be34cd729ac5d179129ab6af19f88cf7

SHA1
e28b456a47241d41e0349c05b4ccc171a0289c1f

SHA256
624fe2c782218069938eb49ace7def2d62a4abb6ebc0d330892568146c8dd3b9

SHA512
fadfe76f3b609b90a39fb7cbd2a693355c7d9606dd8881718ab6d16b816bce64d813943b06734a80dc99b8686f50f223f1fc1e5c74952687f4a54d26d596dedb

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
7c0beb2c15b84aa40a53abcb724a23e4

SHA1
c4c721372953b2eab41a855d8bcb3b8cec6b0089

SHA256
ed9f0adb0d6d895d7ff27e82231b16563aa596829b29f8d986e99eddae9347f5

SHA512
67fec4fd98eccacfe59cdf03efb3254ed4ff32a72736568eaec0c9d7cf948fddf3c855ac6e1d8e2cb10566ae3f16f7af384a90e805b1befcf2b0f48ba0b83780

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
279B

MD5
cf1805132036550f982370b42c81d3f4

SHA1
e0905c7ff50bacdfb8204caf7c4b026073f81fb9

SHA256
e0a114c21ad45f81b883448174128456488fed885e39ee204d8e31003ec8cabb

SHA512
8cf67375b8eb1b4c8b2b206b147d5704b06918b68f2f9c0da4e8e234d07a7e345fbc6f480372f1b8cd85415033dfc7086b440ec53610ff180141771a47a089f1

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
ccbe91c33f569fd445e10d04b1231918

SHA1
2b4b43a6b867adaea7a44a350a812c2bcb9085e4

SHA256
c41bce29c3b074b8f6881f460ad842e98aacf2260a49d32322cf3cd0455bd695

SHA512
12a1304970b93416931455ee565e125aa8264f14c77b1e9f6af73228a713f3b42a45172886ba13b867c074f2842692363b109f391f135c99913a5d886d38395c

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
2ce088f5f290bd2f65d0b358e1030a4a

SHA1
9413e09f434b09bb6fbf2e3ee5afa7beea2c7bce

SHA256
94f99b7442cf81f461c3964dff065025091781301f7a847d60cc810bdd5b556a

SHA512
62673a9aceb16be33d4158606dcd690ed3e67d61a693be9bee20b0688442fe8fddcaaa69a7fc0016750290594056912fa081d30be7a52a8a3f66eb46c89c8833

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
3e6b23a8ee07f7c194ac5af4e4a0dd1b

SHA1
213e2b99f64e89bc8600ee5d5d154add8a55ed7b

SHA256
17b75e21175c6d2663826356e917ad6e788ce0c89f8b0fb862ffc57d416a7e38

SHA512
3865754fe5ea288d2804d06c508b062a8f19a131473ceb66e4fe61d7ae4030d9f80b71bf3123e6814b027a657fc4fcfe14fdff418aa26a4f8cd7b522baaeef89

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
b0fe54fdba89c266199d049b38d0c607

SHA1
1e3dddca76295f2d2b51ef6503722abed5ebdf9e

SHA256
7a2ef10ef03f23362a8a4f6f74e48d3c9d7ed048eca5112cabef89dbde437e00

SHA512
67eb2297e2dcc98b499d7d2e5aea6d63bd16611f72c49926c88d7ea3308522390c5c895f43cfc311e4526a8ca7d6546e6d056313972134c88a2897541110a83a

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
dc9dacde15cf39cc6063d948fbf24489

SHA1
40c86b9e142c890aa2f7e6a4abab43bdcfca62d1

SHA256
85ef8d735dff5b6bada3080426e7444e0a4b0ebf42f02d3294d84a84ed39943f

SHA512
12fb5b16e0e8a4d55786d4da8675abbba2ba1f1aa6259536716320de664fe3e602446e5ea7f68f30294c74ab5b522e961691397b10ec97aba8e0c73bd9cc6691

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
368B

MD5
b9eb63cafb0f0b33930eea7955f9c3c9

SHA1
7b54a6c913924d68281193f6c83dbd21f983c0b9

SHA256
755ba349be072764036741dc09ba480484303ee24d1f72bac8462061e0b71015

SHA512
9f4b81dd0066bab9f5e2dd2fb0c8ce7e1edbe44efa6881f28355b37e7ffad0a355c92dc235985c7cac0cc1cbb93f1871a6f94a91235acdd26b7894fdf55c95be

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
4611e98dc54477248e984917146d08c1

SHA1
2b8682605657f17af96a6d301919cdcdd5cee00e

SHA256
092a2ca3516913933acf1c1acc7c7fe48837bd59ed279c085a7ae3327bc6023e

SHA512
1f8e79c6b414ef7d66d7cc55586291209622e7a48490833cbb091e94f881e4bde0562989b4a3358eda52de754b8589ce0f1ce107244854024f851957dc51ed24

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
883825eb6eba1ceb388f3edcc09e6b0a

SHA1
b9abac56cb445505c2ff3749c67bbdad6890cd63

SHA256
3932ce094f18ae1d86bd8325536735e6595e458c26dc532e8ab772d88fe422fa

SHA512
771700843acfae45c41732c8c3da2b3681deb7bc9e2040fcdd2180ea4c9589e4ee9234aa1ae6d0141812baa876113f8f1b593cc7dd9bc770cb1eac53034601a8

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
ed989a3e3bfb7f62ea36ccef08e5bb5e

SHA1
10be5d4550a88eefeb5f1f7a588ed5dfaaf73c91

SHA256
e54970920f71d3acd81752ce11f726a1d874215b6aa0a308103da777257d45ac

SHA512
28d26982095dc8467ada50d0a7c450d67fecb228c4e94be5c595a91bddfdd6863288800aa1de6db5c509c72099fd32dfdda0dcc9c0fa0be98a23596d6ec06fd1

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
413B

MD5
1a32b499db49c24d9c06108e8812469e

SHA1
a31aaba1d49f9d97ccf58df2582206931c879647

SHA256
35c2a575175a775277bd0329f5f29bfbee3b921ae43651be94a0319c8b131f04

SHA512
b9a05661fd7d019b7929079f17eca05fae358503c8ada02bca634cd54a8ac4da04a6cff671e25f3219f221996d7f08f470c8d3e1feaf39567a61220311e1a260

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
6919bd7de14c4e98a034d7ac0e46fc68

SHA1
4bab4e440335b768f73b0a8a750fdfe1d7a8e823

SHA256
49b5ce6302a962ef63797ba80629f4e2cb3886eaffb56cfe17e8fe99831494af

SHA512
db471f4d9256cbe921d47a76e30d059cfa75902f2aa868f3ead7340563c282fbdfbbd6cddf44356494d3032b286f3bf1f3caaba49a0205909c1dd4dcfa532907

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
58f2c6e6b75fa836ae6ac28b3928b350

SHA1
c2fec9de0c841da96a3f2355be6e671b1ecfd6b9

SHA256
625b9306248e93e16e5e7274f52e8ef45018b8d9ca439e92727d1f44cb0839b8

SHA512
2cbcc9d059a87c70fbd55a0153d696a3ee490ad88c54ca71c5973c773f4d3b267a85566bb696078c3b305541ed937ea31a640e1e21bacc5564511a52aa49e88c

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
3ccc0aeba1382b54f40404e8c5eb8e8e

SHA1
1b58d360e860700cb238ccae488236fe832986dd

SHA256
fd6294eca7b3855e615231dda5b6d41a7880db0d317bbaf176775a604b441912

SHA512
a2de5bd4425235194216b7ebb59d696be78636d2761ee4e7f327a40df4f25c72b075645bc01e7b10cf8cad467b507a24b60f432982e9e9c6adb4b7968a31279a

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
1c647c1e32a51fe4fa736133231c1d3f

SHA1
9e4b5c617a4ab3513a9f722c62d5582142053f41

SHA256
1dad6cb51a56f3590cfd38b0a5f3083e0df0137bc8e1f54112ef2402a8548137

SHA512
bf1ce991cf29105810378f93c92bac7d0546dbb74bcd1ca2893ee6f7ae4b1ce4b3e46644b1abe4d36d988638485e441b17298bf810b012d15c4661dd8225021e

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
55a5c172313ebbb94c22179165e8c3a5

SHA1
8700caaf5a3c22acdceac5308ed2ff8e691f4664

SHA256
d42e2d22f456df1deda187ac44b40cb33306fff5d7509d5f77ecab042d34eb5a

SHA512
5266570edfc63bfcb15e41db85bd22a79470429003e8deaf6ee4258ccdeec528442e75d497bc6aa73febabec05cc3d029d4493bcb4225cabb6b821b7226f1a81

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
c32f58b2314edd0633c363d3fe1d3a68

SHA1
3565e9d4c42d9653c40f1cb717f6ccef6ff547e3

SHA256
44ac26d0bd89c900c9457b2497c32bb617c191a7431baeeaec61a467bacfda68

SHA512
9f0fa3800026f5806c018d50d29c30155ba5ae5560bc3e84d08bfbf8e9d07883251855eb853268fb3a2294b5b0c442edd7773b34c28a49a03fdfef4e39d1ee68

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
459B

MD5
7e19389c95b335c54e19ebda37488a56

SHA1
4f0e7b3202de97bea595252017202f0cc76ea919

SHA256
cf5efcb9d3b88eb2d018efd3e488392dff79eedb7bf45bfca323e6e4e413e7d2

SHA512
a13576baef5df57c2864edfc8cbea722477fc8583e8c7023b952e1691f22c7c3936c85bed355fd71e6430061dfbbccb43581484b3e3044284ab9b035cb1652e2

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
67943fd90590f9da6e0f030c137e1122

SHA1
b6dd9106024f6579e0ba3d5f909de6c152c4a493

SHA256
cb7bdd7f36e38e3a309a241f73e2fe289b218c33f64f6d974ac999024d53c693

SHA512
596db88568bc2d7b4a15c388185eae4e05ebb329be9e6f6b697091f44c05dc9601c9877439c19982c58bc0407023255bc4245dcbdb2282aaa85abeb3d1519013

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
7106369a4754e8af0d52a876ed908314

SHA1
04c2d25613d86ff552d0c8b603708deac63073e3

SHA256
5b0e980fb3c421aff1d0f9f9ce49cc58110dae37b5b6a7bea22eae25b409e861

SHA512
9673ebb6812a8a810c4729f436ab200e71e67effdd5a3f1f86d1aae3566eae734ac5a67e865c73fef8315ae7635f2874abb0badf0c9cd81d9d0ab14e9eecb366

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
28fb76fbf08e6c36028f7f2d2fadaf4e

SHA1
d10bd7a5fd9adb24e1940baddc89000125866d78

SHA256
565a0e31021acacbdfcc0f78839b350f2167c024d661b317ade361faf5ad063a

SHA512
4930f8713ee8274dbde26286fda4878fdd8687a10a3816b31ea28de9c5f52e18c118440582a0f95395c687bdbdfce05664919a3ae23319e8ae5f7a96c10a7e26

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
f7a850f639fe53ae4a3e754bad8410ec

SHA1
d1f199753e4a273c984c9558b69ad721b8034bc6

SHA256
7d3a482b05619a56b4f21b7dfb48ce39bdf7d915d9d9fbb4ffd9efc8c0366e21

SHA512
cb5ef44db79e8fc1bb56b3a076c2f76bfafb2410efa7f7f42d7254257fdbfbfab925f8ca2c497c078f5e472a2de7a8e5b108d58d4081e3e3f66167a334931d3c

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
6134dd123bd1568e5365655123a8a3ff

SHA1
064e0900538bf3e342fed89a4124d1f5e0e7466c

SHA256
c160d7d6687f4aaf5ad704e8e2de67157d8cad669554624bfbd4545e34955bb7

SHA512
9d90ac6ac276d79a52dbb9b1a3ffb364c13b0f1e34d44fbefa09f241564ae198eab150f3550074a932b350571358db950a94a12d556d8ed089c3c6c264159dc2

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
505B

MD5
fdd97eabe989cac11c326d46bbdaacde

SHA1
0466cb261b7b8e5c4d064b902ce1311207aafb27

SHA256
e00bb0db472feea3b584d54ad1bd19abced85f40e5f330ceaa6d4b6c74090365

SHA512
5d44dffeb3b688f56d769f93674bb1b6479d60a40eb3a9460f11dd03a7594f57b1127aa388f2d4f6a2bd5675e6ca5752bbe8687444201c6097eb04ee0822100f

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
269cf7343a1350575df0b3321d39d18c

SHA1
007ae700b086a58d97e0f1a04d4f4747413a4775

SHA256
760f0d612294980c8ea84108efe5774ffa967d46526caa1d948e39d41d8f2c71

SHA512
69c9ac7bbf06ed98a82e434c02e70842796b086ac63ee7e53471b14cab81c0e156bf611ec6a61d35972fae49484bc6894e849833691c1742c0f5436e7d0e3d0d

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
04942fcc93f182f6cf2278f994988834

SHA1
4786446b481aced6af9b9fad7b56de4ddc4cf1f5

SHA256
851b8a8736b27d1962481dfe2e5c76a694fd60b8a7480ee4853d39fec5bbbeeb

SHA512
5c543f1f85199a1f9ab64bd933ddcefed0c54437ea579beea6e3652d4c87bcd9ed80c74e76a7f5369884937900a29ead883f5641c3af283dbfed03e2e973b70e

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
0b729ebe58d09f8eb8213a7c38ddd131

SHA1
0c01f49b274053969ba2cfc3b781674235ea4100

SHA256
91f2869a48afd3556e8c936f0ebb4d85791abdb8aa02234d8ebea7f6f55c5ff5

SHA512
5338b95e7108bd17f3ab4ce92f6653ec535e64ca8b3a5040d3c2e8bfaab622c6741743bc5c926e9edcdb5035ec9eb49423c0827ebde591b413733d6eb209acf9

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
573955ca19c6544038365a818ff40700

SHA1
4f54eca40209f4e48e9d14df32d14c7d2ada8929

SHA256
b39ffc8e9761b851a2069cafa55a88b0e9c842f9628c7e0fa21cf27858fed236

SHA512
eec41cd7e6e736698de4acc5cf65b229da9de1b69d787583587e9e5a4a1ba27a00463fbaa67e8e8063b20f46a79afcb0d49cb6b2212feffd14da217a7cc40ab0

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
a459da8b3004713c66f0f3d4601cd1a2

SHA1
11fe1ab298a5ed5f79fc9e99f7890db8cc873613

SHA256
ce22f1f9e757e467a0ca3c7a702ff4678f6c98591ceafc7af84af72af291064c

SHA512
861f654fdba9c06039576bd4d51abf82aad2a9717988be6e19e4abe9a61f71fb6c4188fc93d6553a3e2500c31bf57363e8c4fcfe5d0d94d83a093cff3c593983

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
506B

MD5
461e6310d128a8b66a4508e569facaa1

SHA1
38d772d8b6a2b92403ce083e3f2f794d5735da35

SHA256
873582a5aeeafdf90be9d413f514ad57bc535c6ad1ebb28d191187f87f51e195

SHA512
09937a8b0a77bd7f64bb3dfe7eae607f985d46f354619c0e53d5d8b6a6acdeb68a748489f06e583b3b5f3b881ef1b5d15b9e18c7d462e1e644169aba704e7599

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
ee6023ea27dc3446ca1f92bb4db120be

SHA1
b29d558fc5e0ba89a815229fa5049a6fef6e935f

SHA256
916b14703903300321af9ad0f5cf81ece8f39ecbc4ff30bee231d195e7823fee

SHA512
6e40e6a17765424bcf0285b3624f1509230acf044303f1d613930699b59c3c881fb8eee828c3d2d485831fba5544982ec7b4b2f6d9cda862f653dbdbf1396108

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
551B

MD5
a7bfb3365efd8bbf5caa048c4e49820c

SHA1
9f57546480e572af8212bfee9865e564789c39cb

SHA256
832a6d204c65d888298cf9cd201366f41bc55711807a90519e7b79c4d9539ce5

SHA512
c576d3949b00311fcd253bf70d9df85d070a0f8d14c48cb4624f1eb4649e166ca14f038e11c566f3897da693e141121cebc3c246a49e9a3c8d778eb9bdfc672d

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
c6d50378f81a6ec8622babc8df634e77

SHA1
2a3b4f8bf018eb895415438d79b1c657d80a639d

SHA256
b9eb48d03ca9b483b607ccb700354ffd6f6d0b18182796e4d4b1627b8850325f

SHA512
e7e9aba6cf806ab09239a05db18ea51a36c928932baa2700d95fb5ba3bacc11bff9822aa3d1b280ec631e01fc4f2181f4cc080a03775d30a816b76cb4cce9941

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
98B

MD5
a2884d96b015c95aba9d96de0eb16ac1

SHA1
fc951c1b05d85ea136d43f6b532414830cbc953d

SHA256
73b209776a939ef387c962b107c3954308fa0feb6852c4c9a107f9e90d661a87

SHA512
24a4fab320746ee2ea52e613fd46133efb83b85e373aedd0b9c0c7de28c6252860232535cad0c96ddc65ef2943b4796ec96f5b221ae82c21f84242ae43f594b2

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
e0dd0f854382fa824ade8b18a5001069

SHA1
7094cbeaec4001126910c4611cb4f689620287e7

SHA256
9d06b8482919c3f2a91db7c098b42d6a6ce7a234bfc3f4b3de03e482f6c2e5cf

SHA512
0397392a0f19f07343a590386beacd3793722e5f24c4eba1c10cac3c7c9a18e954cafc630cf308f0411de880a75c8fa43b4257d1f78b37fa0dd2e9f956a0af4b

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
52860bd6c2e86718060214aae601bc28

SHA1
5463067cb87b28dc84fa9b3242564c8e75c6f008

SHA256
5b5737ea589f6b90a185be952a698240bba1b262edd46dd181dd0ea996420b35

SHA512
06f37632fe29ff0812f2401d11ba82bfbe7b0def060ed2c300c3111f74b026050d4ed830b803e73654dcbe4b706bd4f2efddf808ee7126e1302a55f491136fc8

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
552B

MD5
324bd5c7ac8d0f119fca659a55e9b8cc

SHA1
9d0a94b7f43a02862b284f2943e2bc52cf7d90f8

SHA256
ad48dcd760429cd2046e1ee2f023ffaa1aa7bed6cff313ad722be55c70004d60

SHA512
727674b2fc226b1aad3fe7223bb14516c6547e8ae13c619aafe9567f3699fe6c2a2542b0d610b96f1d4db2ef2eab728ae6898429bcb459c2ba4a9ff5bd102e6e

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
8ae7df02d486cc18f9dbb70462b58c26

SHA1
d667e6e623d578834af2f5904e98ad5647783238

SHA256
2bdfcd11d65062cb77ec7f72fdefbdbd71ad89b5f886491ce148f0132a19cf9e

SHA512
e04734590a04e20ba46d7fe5ab5c9fc5a0cae66de17f65ad558bf1ce703d873c0441410c3fb3711dfff7f695c007299b3718cc0f2f51e21b6c4a893498744e1f

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
6a7c5f5ede45b15fcb3820a6fd1190e8

SHA1
dccaf60c35c4939a36d40653391b62548b9bad74

SHA256
f71f9f0e9a58f2cd6084df04e85d1ecc0e77c1a28860e1e1e04f66a6e56ba5d8

SHA512
b1b2331c6320bfdf29a63d1cd4cfd26dded8e15fca4f46657247b038f9a94f41319644a04250e419b74f1dbaaa9027b32f8550cc7ec6485b85e5b0a636974228

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
dea8fa0dfd73e294d46953bc1c840ec9

SHA1
21ea13ccadbbf08197b1ac7b9d4fb23acd0887cf

SHA256
bad5515cef12d0e472b309cf4e6468275a633b4b3da081f03cd63635b9670306

SHA512
0ac45c86699f3595ea598b2e86f6356454b08f182523b8e3789198a9be19a5b17f4d3274771cc63b49f99da35b6f25191406005dce2d7ba9412ab73d339d5012

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
d2f63f63b6fffeca284649ea49daaea6

SHA1
af42cf543f9007bfcb8827bf3898e3ca3e9003af

SHA256
36d0099622c31d055c4820a598eb133d9dce8ace8e04f1ec371ca5fd7dd68a19

SHA512
e723dcc16fff7b123f7efeeb1ee5389ae339f51d5b946ad1d5cee47485abea1cfac119a9eec3c3ff49eb0e013a26ec3230f8cbf52fea181bafee24ba67f5ccb0

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
3a1917bc5f978e2483ecc3e1b2a14afd

SHA1
da7e7e1a82995c2df013a8d9aad2cd32b61d002c

SHA256
06d82996970e01f7b6b4a1b6e4be48ff85f28bd1e6e1d7affde9b54b79d4fd52

SHA512
1e22e2c89cfd0aec7bc122accfd60849f5764a869a7058af2a499ee7d88a38c2b4d5206b09860b37e2195b85eb4dcb9ac9e441778d5fe6f96515b5534d654d08

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
e2ba632cf90059cc7ddbf2bbec0412c2

SHA1
a7239cc75c9293f8c6bc72d5fd4311e9d9b7b3f4

SHA256
2a3a7ddea68be3e51f1c7a17ade7b7c8386787ece20d20478d7ad29aaf5344a9

SHA512
01747fc0a449a557c6edd2e807abe8d6d85ddf4d0e0dcc3492b2cba85f8e905a942d493af3ea336584817214f228b2670da354af92366c68f07ac90e6967880f

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
598B

MD5
1d7073755506ecb88e74347dd3270703

SHA1
5f501d8692771f6b0481fd58e5d481fd4cd5261a

SHA256
922d15b2d9b233937416859bb9275749860b6a57acff63d53454d881eec95191

SHA512
b357544078c7bd3265b3874f7e766d262bd33c82e3265f38e3abada39875255364d01d461113f2d74c9f413630d5d0c185123ce2022b909f97297d46e8a04a13

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
a85fcc7ebae2bca2dc5ee19be29ec1d0

SHA1
92c4867624387f79a55c76d230e6b4d4c0784983

SHA256
947c74286c494855d20cce6e7fd590ce7122ec3c2ff192b983ddbb0642cef980

SHA512
b122a88b5af32debb2a3d06799d9df5bdd979408ac9f5bceb1ede7904d8ab9676f95949bd6302b2d7181cee9664a6d58847e7c2575f231f7b887d7fbd8e3aae2

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
7020310cd55eb5906d32aeff19486560

SHA1
13a7ab398403146b648c1a4d760218e94551d268

SHA256
3517d653277d9530bc57dd88a8b278d885af2339c7638f53d21f7abc0143f165

SHA512
cfda313456e4575695f1c47eb264db180a8fc3b2b47918f6d7fa963b9a164091249729aa22b0fcab20f96eb9296ec245e4b68da345edf76b171ced034b823ad9

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
d288ece4e7b0c1183be4f8072d46d7d5

SHA1
b90985fed0afc825f1a2e4dfb9ddb2de7cff84d3

SHA256
0cc65be8067dee4290db02fbf82f76e849de5f77c6db8ef2079f9a34be92091a

SHA512
1f3ac0a270440f3cc744a5b63b8745577c65a48f905309d344d62a5aaea61152a544bc72f0909acb7c253941c1d89dcdebebd8167df4bc48597a07e8707f52aa

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
ff7fd88b4e7b0cd081b942ec54d0eb0b

SHA1
a69b8decbaeeead1a86ce31bbab6c6e752f61e31

SHA256
3dd0bde4cc0f9fa87ca054490bd0cd8f5b1eac1697cb52cb2af792e799ae0d4a

SHA512
3fb47b0902fa83e8bca908173c534b15b8b98a05b50faa4006cebb6375579d959de005fa66d1aafd9a0200a2685c4c7307da68e7683a3a42e0a08e3ab99a28ee

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
30792372db9c6dd1506fe3c8300f4e38

SHA1
6e1363766574ea974102d5ae35376ac2b7aa75b3

SHA256
ce32bfac72372aa4a0b5e935c98f4df1c85ff8ff7295be687d7d4a738c814397

SHA512
fc53bf3989aca9b7acdae24fc10e71db016938ac602b1883f800c7245a30ec5cb24bf76de52a2f46a511a9d43c433eeebd9aba047991d4696ef248cde8ade803

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
f3e77ae8dcef43750aea8e1081ca31db

SHA1
306e17a3849eec525a7f9e9cbdb452e4441c9f02

SHA256
b79c2822fa895ab83578c28494d2526846876fce5bd51300ee5db72db903efb0

SHA512
67c098cc016e9a7a51b605f59726af3d592127069eb02087640e4151430ae057d4f59cc0faee9fef9a1937af9c2eb713b5db1f7146a950eff6b349ed9cd5ca48

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
5d8b88e29cff60dadfc4308849fa493d

SHA1
7f9920ef8df50e20abf72150d412f35543afc0f3

SHA256
e6a996444a0f9cd9bd227f170dd4efc818ae32151a424905345d79a4a1a579ee

SHA512
67a128bda1b2bfb67b63dff5bb1cf6931486fd89690e957ef32bb0124861afcd55e613551f7b27374db67ee564b12094a3dbb4fdf9d759fb02a7bfd917669b40

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
4983e19a88d4b0174755716b8ceeba73

SHA1
19118522602ef573469ef4f0155429ed3c56013f

SHA256
513c30efe4cf56da8f3eeee4e92d65fb3286111acaef9898694ab70898a3334c

SHA512
733e58235fe364594a2e78628e42ebf8f784fffe973599e75adbc97d4c7688508ad4020be345ae5f5561c55a77f72ddd26de50ca607e883ff4d0aed22221b83c

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
2bcf17b9f710990b99755f6fc315c568

SHA1
b67411f01a8e1cfb5645c825d917c85b0767c0e7

SHA256
ded425634a0d1f145a3c70372c983e9889e9358d0486eeae0063319b920d6873

SHA512
73d32301d470cfe1752ba66545291792c9c948832a3f5486420376825219253f07360b475d32f5dd206ac55c6e39f504cc309c4a7ad8ebd08014e0006baa1f39

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
690B

MD5
a21120cf855f83e85df6ef70361cf00d

SHA1
fdb1e9a1019926dee02ca1fd88329fe7c7397800

SHA256
2cfdb9fe85647f94ab8c9bac289100e876cd3870e88e9293d71e27af49b932d1

SHA512
6867c91596480d57b23cc0ea246bd8baca5aa3135c371b12ac82151f3a6e154638cd69d17e960ccc3a1af65f7a4b3f75b820de5a778afb2fee998ae24506af15

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
adf1feb84328693a5af5a1b6ba708e80

SHA1
4f47c557a3b2783884b43367fd70277d1e20418d

SHA256
791b8d34282e96aed919ddbc41c9464caab141e766dcd6286486626b3c8f935e

SHA512
b47d112bab114b3a2c33bb88503ddbf7a24e26676dc522db2e56821cfc73810725ca28ff420a3fa3cc7579fa72d33dcb09f72b77b7b2632033d90799bf665ae5

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
d07494eac3c1816edcaff8fde7cdf200

SHA1
2d8ffec9b7cc1c0625ef3fd272d813012bf1c5b0

SHA256
20d7cdc0a3801b1997175d28df8cb2bf96b588e6f3ac26eff50577da69aef300

SHA512
3c761fffc3f1d4a46345aebf85bc92f56a16bebb84429e103012636cb4d866060c328b6866783a31c9a0cdc366b8259bc276b66b1c62b3b9bc43eb119260e6d8

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
8cd47d6992895ffd3d3745477a081337

SHA1
a93fda9d455171e109e4dade1a05dda93f6fc52b

SHA256
581aed71e5eea027e0f27e7c35393666e7ba261d0651da1724d87b8f323b931d

SHA512
b050a0f720a8837ad6224d0bff063853a0ba0b1d0e61ab5f05fae47fdbfeea029db8b0b854f364cf8e62fc19a6df7672afa3f5a6622623ce53fa384bc2b3a61b

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
3d78157be86d9469b9cab713765ed69e

SHA1
3777e7643ed45e1f00b5079e61b89ac405de96bd

SHA256
39d635930bc362d487305f8746f8337f8f3792a5ca103640284c85bc66d92439

SHA512
4d548febc721b503d73a952705f7a4fa914a9ca548ea4713aab01823c9c91689046adca0b5f472368c734eb3764e54909f7e451d87d39b4f22eeb0a707abd241

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
143B

MD5
38481ad9126893a6308df162118bdf4e

SHA1
e1425efdcff5f1310b9f89a2cd1d1c14f8ef5489

SHA256
1694c492853ce0b5a0fe8ad72008fdec4a1aea9e6f1e3b59e3e6a0f8b37c74d3

SHA512
81fc27b20664b447f0148b740d6aed4455694b34ab99c4b87a283ffc40c77a70e87e66e5c7eef8f09146f6e6543116246ff5f4d66479d5342634992a8a5fb43b

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
33ec985535c7b993c8803fb77d0d026e

SHA1
ba9b4fc62253f774891151e41843926dcafa1f89

SHA256
42a2820257595a01a6f924e271d291853531148c64fcee880831af9e4e9523b3

SHA512
540ed435e312b3a8593f285a36af44aca83418b286a743d8aab13f3a2bdff807024b8a090f176fd9c27a6e166c5fc4330a92806cc7e2f6361cc6c1a467516e0b

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
736B

MD5
c07ac18106bbb603169635eadae2a200

SHA1
4a24d9bc48d1f7c135ab8357b3892b426cc0d685

SHA256
b63f4bd4e0f01350ba4de80b93d159b3d1fae85b8ccd945daa3b92ddbd8728b2

SHA512
bf5a8ac406cc75ae59645f011967150089bd15cadb83d62dd0fd3ae3f2b546ea8d56d502813b71b4937aaf645fa4bf8fe1b3f8f0f7ae520d41d0cdc513c2bc01

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
b2e7c2912e41ddb37f06124266a8a59f

SHA1
41c0b0dd6f305fb4b25547870903c7471058b700

SHA256
62e592bd9fb09ab04ab0eb368514e6888043a69f9b879e30690c70b5d63b9278

SHA512
77342d92aea1eabeb5f8b084d00821458eeb3e319872ac76a5b616220621b78c6cff5cd3ba1a09e4aee5f5d6ab5e48d8fa0ce3965252e03a673ae7e9cea3d24b

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
b0518de33dfd1c76a62a20d3a52de7bb

SHA1
0e941cd49501460d10c2b91df6af53b7fb4637ae

SHA256
6673b8476e0da1c036dc026f22b3fc179b420b5c62d1987288c5d8dfdbff733f

SHA512
65a807862ec749dfda75b76badfb9982882a822fe9b3daf7c8d0745608d268bd07b70c8b6559fc61bbd75861c9a1ab9ef083a396636194932f318cb1d238f98e

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
b7387dde9dc3880c5aaea65e1700aed2

SHA1
59f5b37e14a347546e8cbffca99b57f2ecbb0aa7

SHA256
7f5857613f5afa15edded7135374c37ec0f12a1f14566579b1b901c98a0c2c20

SHA512
41210768028c5b04416e3e7a1e711937c9fd73e9308923a238b53426cddacc0ede84c8c6f3edbc964a2b8281666165b7b78a5c7825225029dad5d1c6dddbec29

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
0257cc9fa910b39db21299b24dce1c51

SHA1
564740f01301e450d7a1403f3f89ee7996dac187

SHA256
460ee5ba67d3a5e3a68d2de2aba015346cca3701cb5ff886f0328b9004e3145f

SHA512
fd94547bad6c2729e770598b3aed67b24b9daece72bd171405eee2da14e86f3d15a2767b9f1bc2681db2fc15ef83a1c8492f8711a82d33e8aa440759109d6af5

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
26eae641d02157b1651c49ae28b45cb9

SHA1
0cf870f95aa8d409cffe2a8a830cabe7d42c8360

SHA256
5d3212975a2a2eb0f970348a2546400c9b51cebeff35568c1ec2edab72738b87

SHA512
808a93c7b874fe50581d53af350446189262ec036e34f84a1c9f2418363cfc137d5308986c88ce91e82154685e779256df592df0babbccd303408fbfb7222d2c

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
782B

MD5
28ccf7235d84400459aee9cb28500880

SHA1
7d8edc5e070bc111ec0bf9587bab5d0f321ae26d

SHA256
6db196bff60991f92a3b12c1ae506dc324a54ad36d957f4b9da23f90b3e01cee

SHA512
b1366f2145f73b2d6ac314b4736e193183e01242ab3fb774b73c5b7e4589d7580f06998a66af9d4f33157974be33e4445d32b9b017d9e0c5c3f6867a7ee28ec9

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
caaab924204e7ee28605865c6bb2ff78

SHA1
f3915803ca9161cde6c83114bf6d5473cad2cbe1

SHA256
5e8b668a6baf6de3e20a6a8cd08a816b35fe4c31e3be5e4c0e865672f7851e18

SHA512
35e31babaf4550ce7f3bf4abe626e87267765d8126420a29e2cb50a90ceb29e64095dd80a1be7af2b6c11a18244e26a2b6ec2adff9f992d78bba7cb3bc478b75

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
cbba00e737272815e5db1062132ac28c

SHA1
00c147600f3cadd71736e8102c4cdcd36a1ea58d

SHA256
dacd8f60b50e1ebee13b1c897aa1612997a52f5ea7204e3d2ca6a6c52438f21d

SHA512
65ec4c37800284d353d2b07d548a5caa06830aa5d40d361459d59c65a0ca78e623e8e69fa2feeadc438c0e98378a1a753b8be051790c9c999b2bd4249c18d463

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
41ac7c911b9fcbd8a04d4503ecd810d7

SHA1
029acf9b65b6f7c1633645fc6c02433bc20cf6a8

SHA256
70acd3806fb656951240f5577bda24567d14bc663a1f5caca4e89cb239aaa49f

SHA512
be39bd9cbbce1f83fa1cde043fbad2ebe719e15290eb766acb163dfc31d5b366d7c58a95c9fa5828bd8ef5bd02f62912a5c435329bfe326378e622416e950372

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
fe083e6f29366f70566bdb41a7e2ef9b

SHA1
7a7264dbb6ec93a450a99edca492e7f2e10e5f95

SHA256
f4fe1fd4886e11e83bd9af6bfda565df4e6ddf291463d4c1bdacf31c654bfe35

SHA512
638410d698b1722aadadbac7e450fa09794f8398f6982518e6cf6c1afe4433bbc67c159f868bbfee432f67c71b5ddb297b02e846f3dbd0fe851faee652a4a1d2

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
4da4132fe1cfae4203c3c8a35d539f38

SHA1
08f0d3acfe6f060ab4c3890c2fbd482b61c0f52c

SHA256
41a0422b3279c655f9dc13ee4a7e9ecf90378370b19ba0ad0b603ea41879741b

SHA512
9624d3d1aa9066e3cb421af45592f8e76fd11aa174461e40858361e7d5c286ec4145d1a4f6eeb2335eacac446a2c93eefd825270339c5d20501b7ee055dec31e

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
828B

MD5
135670e53f10f00cfbb8712211dd6620

SHA1
fdf3ed56041cb759748d3b864193bba2fa703432

SHA256
c4ee0fa7f3a0ad88fa804ed16f468fb58033cfad84cbf349a85885d618619ec9

SHA512
fdc421aa00eb7aee95d95b1021d4270acfc4ace2baf666bdd8c92710d86aaec532d26f0e03e1285cc4bbf24877491feed702c12f52882fcd3c6420c68e1903ce

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
da90f46bebbe496447a4945fc9ea73ae

SHA1
526df851c9ec7d4a8372d2f3c1692b1d91e496af

SHA256
77ba9cbb142bb3a349c0abe94f13c177930e7bb54a03be75a16f1d4b408570dc

SHA512
e13cd3203ded491e379379ba54354ebd1d641bbd0a5d3c34e6588dfb3c8048c442bdb8a48e08a4545e319f8305e01f6b0f798e3449e99ec3cc6a05344989b4d7

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
822c5be6b50a5a75bd0a77c3b3d6ea0b

SHA1
6f1e6b3c6efaf7c7552280ccfcbadd45f4743940

SHA256
74c138c09f98c1fca03ecde412aa24770fca5006c7c679f9ed69bbb9678f3b2c

SHA512
cc0562d6622ea0474677dfff1945d808625a90f72aa2dcf450390496c42233b70896b06b0d77bcce9a2e520cdfe4b4bbc6310de451970d53bbb9eab15ea165ff

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
363ed6985d1be33700430d517a34e112

SHA1
710d88d4fbb64145d1d54151750bcf731694060d

SHA256
6c2bdb15d567ff2a7d3de49da246db98db930fdb7209e745706302d6a15d7092

SHA512
a2f354075922abbcbc6b65ec99709819d32f0387d4b89a21be0de0b444eb394911fcd7502e6ae30bfc907e8c084c25917cb77142b6700266f017609c5ccd69df

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
491255c565a5650da05a50922de697e1

SHA1
b8742caee403b6cdbe9e1778b13e289f05398dbd

SHA256
77c9caf56a6b169660e4ce57f5f00c565ca4601e3f4910a902dd6ac203f7697c

SHA512
82e1f52514870a1e0ed7356f7a47d49b6a6bf438b87a8c5599f613c4ca0063c57913519f8d6821158eaf77ef82963c2ff76170023b4dab7f107f59c5948c0882

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
e42ab1a982753b05e145411894252a1d

SHA1
9fc74490e7056d60701907b652112871f764cbdd

SHA256
9e0f229cd1ca1cafddead05adf3f28091006f8a4b22ade6b5d56aeb08eff2b3b

SHA512
e2e05b93e54414597ebb59ec285d42039b745ab2cda6ba5cbc1854dc3cd1010f5566b2da97c170195fa6595f6b3892d63aaf8a4e9e07a85bb86594289ed132b1

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
86a6a307968bbafe1f67f78b4a0d2c05

SHA1
0a3242dd9a42f54860c7db6fefe757365d081781

SHA256
9184898afdc0da3f1de66bd9c8cc5a1a6d541229bcb28698c549b2f326e958b9

SHA512
cc4318969c78c239e16118748aa7169c283a69a79f29f11f02915ecb8f17920fd5fa741c4d12c3187bead3b620d87ee9ce26b1f1d427f89924e858f346e9d99d

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
874B

MD5
57a7c9ddc7dd6b1b2c6fdadaa41f627b

SHA1
6b1562a63e0e58761056c363bfd99a8126346e0f

SHA256
1d39ae7df3d64674d0131147e8d89443e796f88444987f0505edb3a1c42b368d

SHA512
00a8e80a0080a5dfb20472495375f14f9fe2cd1477c162a65443e1a2c636ff2063288ecfb86e328f0a37cce39a7f9fc05fa8b733b513c4613b0432ff6661b27a

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
b6077a2b82140f452ac4aaffb12b39b1

SHA1
847e31b50c3490d6ef2bfc96a6da2fa7c99d457e

SHA256
ddf6d5e749b79ca560de0473d5aeda56877e9484e9f5401f691b9097ecc33b29

SHA512
8a90c5ea91f1756a27fed5cf9f8ab0fe3ecba26c5054f8b3221b99426a043d6ce438a48e1999b4c77a56ce3c0d89a216cb42f651f9fbebfdca37f5f3114ea69f

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
11423dc9dbc58a798717e5d80a2597e4

SHA1
63eb29ebf187b8f287b734118caaa804a9789433

SHA256
406f30e168ec54178509cab53958c9841cf2611abfa739eb52761ca44dbe6ade

SHA512
5fd2441b916c0203696e22ba4538e8d2d7a213c4f6ae4274b7fd8a68709902d0c39b2e81b1179525eb41a0ce12095aa1beedac70c11aa98edbae52943589e603

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
904c78841d4f2c510e67afd34db79577

SHA1
f602748e9e4e41c60471b59e0818e060ad456b5c

SHA256
bafe04099273ae15d313d52cdc7d2ee5a222d886b422439cb6eb99053b7b65c5

SHA512
986606de7699fc06578f51532e1c92edb224b4778113e2872212434ab804d5fc8415abe89927b8c0799078f4f2f67d43511f289b5b88dd94ec1dc3308cf8740d

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
33dda5530749b7b1e6e37379c53dd6cc

SHA1
20e003886d0b065697120b7696d433f90d32d5fe

SHA256
0303f17fa27ff8762df56dbd866236ceaa45781f83c905d42179de04ed3bd1fd

SHA512
a304944d4a373585e60c16553dd6f7a3eb65e154f9585f3ad8d2fc4417cb532a1af01a840fdde4d57be18261d6bbb70be5622377e636b017dded39847be237f7

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
ad7cbd86d2fda00bbca8f4d48f23e283

SHA1
58c9962835f16833cc73021c46344fe1b6323aa7

SHA256
5f148a0b4727ab0a23664fde7e5e06731630761235ca02fc73ae100e9e42a1b2

SHA512
821c4f8b65caa61256abb249ea6c27f88b34855f669ec2a3712c22460414c5454a6e3fa8373fd27c332515fb1da22554fbc39c98a8430bbc77ae59c2d203f9d4

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
920B

MD5
6021ab5f9862d96643753b0b167d9b20

SHA1
7527c5f703295756d6947d69c811c453e13116e3

SHA256
6bc764395b0055388c237533b5dd3d60ac6e465afe591a60afa69e5f2ce63991

SHA512
c5d3095210e0b689a2d879b84fd5c21da87a5c46f65526a5c4635adb310315f3c9175ed5d95a8d9c3f6c59acdb32bd4f035e1a4b98acb8b5cc03cc9905807420

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
4aa35be94ef8e7ccf62fe022882cef73

SHA1
88cf2147d218d36f70492b942d4c345aa292c4c3

SHA256
9b2a5e0fe62fdb4a3f478adf228df4fdad1d3c8cfca92223a2efb517f57f1ece

SHA512
ef1bd91c8639fe944a90d5c191c34b4e036091dd3184dcd5dcbdeac483cf7ac237a3c5ffe5099b32da6ffe6b1cafcd895240a05bee09502bbbf4d2b063dd1269

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
148cbb4ac88ed02dfd79e2af4430771c

SHA1
80ee7531b1edf2879dceb538a6ad0c730b209d90

SHA256
62013d59b87ecf5398413d60a931514b9366b32b8cc9f0c457ccbc6e02fe427a

SHA512
841a977f2a0b3ef105a4043bb49391e7a012e5527a70f047af5ef8395680a435561db8206f3c883e5858d51da62d48c593e97dfe93cbea67d3c6e79eb84959c7

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
1054cdd319a6a30df9c49d916a2b523b

SHA1
9a5c2e2e6587f98523ea6eac40917570a498b62a

SHA256
98cfae8042e26635f253b13b50b60311109c46208f5b6d1dc49c8eecdd8e4920

SHA512
df6f9eeb051ac1511285ee967124bb37a529c571c0a1f8bc5489c2186cd634416f2e9337aceeebef16ac936a34f168b96fd89f030bfe074060f36e010a7e8fbc

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
e5f52c2237d36162f089ebfe635f6986

SHA1
48995a68a422c76283f95fb5a62f57e9425b4724

SHA256
9c455dc342653e5b41e3350912ceb84b6b05ac658039f166a9b93f72d6ee83ba

SHA512
a2cb23f4b909ef6d8520c0121ae67266f93ae3a012db243fddcb1c1c7125517ad4d2c0a9f9d745b8d916b5b2ef7eb8797757111d8c0d972e4fcac461f11d0973

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
2e3a0839ea696e5674e9fedec7e658d8

SHA1
8b9b18942c7a5cff8dc95fbe7e8c590ec5ce95e6

SHA256
842101dacf57ee284391fb98f540c25835ecab4e0fc9bf896b6687ab3fe81cfe

SHA512
5f269e95dafb0e9ae97312f4589b27d71ebb4dbbc985d007553a7c7077ffcc9e08c384647b58c4b5d4a16fbdd240563fb2ea28bda322f35ea988215faaff1e84

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
966B

MD5
e58ae7b27d47b7ac6a4cc7c955c611e3

SHA1
904786cf34092ade2d101352812a49eee055ea6a

SHA256
370441cf2ccb2c1b1e2adf0b94d450f30c10bc7460017ebbae6a76b58dbd9af9

SHA512
cb86c5fc832f9345e3ce5d4bfc58bbab2991c775c7362fab1bbda8a5abb5c9a5448eeed80928bcc96aea7b3846759155ff44da4aaf9b8feac0df904382842ec7

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
180d1e2cc01ee080017063e519bb962b

SHA1
1591c4fb8373a5f7b135c6f4a86aed271fd5178b

SHA256
b60c391d2c3a4fb779caa7a8f1c6efe39a2effe645012263c933e94f604c2aae

SHA512
804b28908db6de76d0d683abc4fa492fbd23010ddf03b128c90081755d1e9c3808497b861106878555e48e78717ba3008bdef5e152421937ed67fa678388ab9f

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
4e9aa2f7c283f2d9d148911dc0768750

SHA1
2ee4b9ad79c877c7c84a1b07911bb0c2009461ad

SHA256
92767a36873e9be894f0740f720ad0b60af4991639e17ea8c3165c64c59825c2

SHA512
fc6da96a0eec38ce942a5753f3c1fee04bf03fe31514d819b0f7eb526343a4d038b0c18f567771e051d69ce3acac9a0d147f09108e9c25881dc124b06bb47522

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
d3dd50b4d924ebdd3d5d35ec831b1804

SHA1
5126eb311e28611d140859181e51a5138daae5e3

SHA256
095ee677f6d4e0663cc67b5d59b0abdf052facd723bfedca9a3ce65088cb44ed

SHA512
3b20809d836e48059dd714f8309cf67a4950beaf8d09f15abf1329d1d78b9caf1996c07f3651bdb996085d62e432377aa4ced7984a189d648e91b0f689716c41

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
86a5adf0220b21db82dc9db7e02fcb6e

SHA1
891b6bab25faf2cf828c5f48e971cc793073f721

SHA256
662bf983b190119e36d48345e412790e7034cef4926cfb377175d9163cad7aac

SHA512
6c65f322c54724d1082ac7067c983d79cc29baabc500d21dcf946c80eaf3d262b25e4a2ba2bf12a9431540266f53b4baeaa8345f88ce266e877128d54ced6f74

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
6c3cee98987312dc9b96bbf4f6ca4eb1

SHA1
7716f9520b0f7240e39bf13f0303472efff22a53

SHA256
23b5f2932fcd81774cb0b3e64deb8e7de75f30015f662c03bb627cae5d0e340d

SHA512
c23ad9080df790c1f123c8d19c3fe145db79db7954e3b31d14cd35d8bee62abb66d9a60c936294e2026c8e5e8e5204e360dad8a6c2bd0b1db19ee8ac92640686

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
a37075c50caf3359fed3c0ee3e7bee45

SHA1
07a15687898ba500cf72c2dadb88f81ce8e258da

SHA256
24637a3aef2a04405fb7516349ef51aeb4226e454fdce226bca7e919e207e8d8

SHA512
b0bc3200f2e4fb1ed3654b595d4022ef01224aaf7be78acfe2ceaf54b4b1be6c83347ed95e7a7c06b33f4332b62f504037c6e19b6e1269207195222027800e87

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
8bc8e9795c494076d152e48e03f9aef6

SHA1
72f1790d6db05dca5e0fdc6fbee96fbdf6e72236

SHA256
1e7d1b55da0f385961184195fcdbf1bee93422e3afbfee4b67d57b04060c5e44

SHA512
ffb6ab9748bbd13394d25a0bf227606bb053a854a0f85bf94b5aa25f660e6aa22bd82ad3e68f79f4669a806fa0c69a27001ad997c5c8408e75767882806c98f8

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1012B

MD5
b91d81e24b0dc57d1f5648b154fa8836

SHA1
039b9bb31817b5dc10e862ea6b430a978214b574

SHA256
845051eecd971ee5a744191fb5824626d2380f4cb4fc0547946f63a245f7c89f

SHA512
5201639248c9b0848c6dcf5b8f5cccf9d52e16db722eddc8734f6896d7418e1e3222e4708b9bc57f2b4da0980bbc913ffb6f51c4a06c80c3aa19c9b162bbc98d

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
d430a117d664b1d8f1ed2fe91ed37373

SHA1
a42ee59e8bec1c39c4a3aa224a720e1719a634f1

SHA256
8d0f0632065f9d3f17e09f2b172bc2811309f47137197a8dcdbffed475338071

SHA512
7c4fcd9fc5700d53fc2ea4cfc712435569db4dcf98fb1f6818c187f21295172177efce28ca8917bd190df65a2b360d1eb0fed4f006f7e4dcf890634588ac8cbd

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
6158b8b10e32e77366bb42244ce6946e

SHA1
69f2263c8fbecef976e021c3a5753fef46e82a7b

SHA256
14a4aa1f16e8ef36348228797969a1f9c932373df04409abc252c21d5457e559

SHA512
943bd9a6e8ebb103fce953ea2e04360eae01766bdc102e6260a5a9966d43833ad0d9f18637150652b8a69037ee12e80723ff4462ba10a322e0626b4804233a06

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
121f02ed5185d81ab76b79f85f99ce3f

SHA1
d45e9ea046824bfd570c021c8b1bb33280411a14

SHA256
ae9ebbcfcb35b45fba6c80836c7295efe33e204355aa01a2e88fa21ad7923ce8

SHA512
896eeda251a36211b8670a887c779529df03540874387489d86ed926c785b0f8db8905d4da4ca82a49ee1f0c0bd9440772aa07776365cb024edef06aa836122d

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
a9eb8501ef687c7ab4e683513104a9f7

SHA1
ffb6aca3392b747c66d0e082ca4e5ed2f4b9d416

SHA256
ea6b976ae34a51cfbb1252881f80c317dd25fdc4625d296499657f2fd3346286

SHA512
d2c8e6d40f353d4d02ae373f48a494f1a7e4c0635c521f065e9b1d14283caa73fac00037726aceb6646e875da5d555c3bafb5bad7f57a30d9b160a1e2f45fda5

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
74cccbd3ba0498d58a86361534b53925

SHA1
4771a24ea55d9615b3ce5ce833a5cf31f5e7c691

SHA256
adb7194881f9347d9291a90de9c4ccf3a7924e8db260ce038a3260d99297a9b3

SHA512
34bdf85a4cec88fd7863f95bd0c562dcf0d69b1a4c2d45e3814892179b0422b4c8d8a51de7ae0914db43fb0207c21505141a13fd90c0c3dc1739177e3f7a6848

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
6e4b69bad45e985fb5cabb0170994437

SHA1
258bf2248ec1d5b54f8d67d2beb19f93818902ac

SHA256
4b26a95cba592c04a46a87ad94928f6f5bc062c2c5d77be5d8e363c18aae791a

SHA512
cbba0321a22547e31495e7e40d46f8d5965b51031e4607614272c9180d109d617ca4d7004401a1c797d48890568a284112c01766b6dd6fbdd8c235be4e9bea78

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
5638611fe1035184ee20b0ed2ece7274

SHA1
45b97477e20eeb37de976fa09db6ffe0fc32424c

SHA256
d53b44f024bfbcc5383a7d83a10a7d7c02e0b547107ab4e4e19208de7c5e24b8

SHA512
594bd9a8d1eb7bc391018746f7efb63c27c2d9f02051a61e386eed52ff1d111ecd93f8e72e49aca9667fad3db14786e60fdce60b7f89bc939853b65a32a7aad1

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
7be89ddc60685d12c8252c70d7eb336f

SHA1
fc690c3f53fa12fedb95a8e53b8acedceb3186f6

SHA256
ae43bbf6a1296a3d088fc363eb950dfccc46dfb429827fe955dde6b63647c7ac

SHA512
be8cfc529e196b973503df5bd7a9032757c7136f95a8211e174370fc72c3b5484d5446e1192a030cd6d7fd2b0059b42b35613f6ab428ac02152374c4f736f5f2

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
5866ff8a544d9db7353f9b00591429f3

SHA1
13aae1023921d4885dc59a007a36c35c5111eea0

SHA256
de17c0dadadf2c0c6628eed3dd176ec05642c8e526a7507ae302c5f2ccfe6fb2

SHA512
4aa3e7a2cb37027db2dd5747312ace80a519135ccf3e2849962fc276f3ea689cc38cf970610929cb3c67136dc540a81dec3c1e4ff29ca250ba7c97af4a50331a

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
9f1be5dd6be8e38823a940cf976439b8

SHA1
9fac8ad95f10f64e04dd7cbd59129ac0ad23d234

SHA256
99c7e0f1389bc72b25f469adf260c91df80a347be1eebe3bf025aec79a10e8fe

SHA512
3dfab95009ef0ed8668d981310183b233f4102c133e3124ed59d2fc724cbb273a6d1201fc5e4f992f80767b2b3aab9bcabc78358af56198a09e468e0ba43387b

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
929b57dd6c59aa805126864ca2d0d8ef

SHA1
943773275f29cbace85def55987ec998dd93cf1b

SHA256
78408d8fa3194a6c8accee5c26039be00ce4f75a25e73e2df443b6234e99b82f

SHA512
9bfe7702cd067c12acc328b674dcbced1ee710acb47969b790d6f66e87ff91ef44350ab8e1ed4dd7ae685a6429b1d9cabea7585c1907591582e75c88fe27b252

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
210109d9b456db3ccf80113502d9f7af

SHA1
266babfc22d02a90a0c2b71f1e7fa6e2a9510f89

SHA256
bf514115d556eb726ee783f39e0f0a09a8695e72b87d5a0265ab9176cc261a59

SHA512
18a6560afc22e09d5d077d5c1709f114d12dcb2d1621969035c0d06d6e1c1a75d8ecedfdf66f08ffee78eca1ed4100eb81b5dcca2782f6e69d635471cfe4269f

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
39807dfd1dafe11c903b625dfe1ed4c3

SHA1
02cb091e1abedea257a6f363255c83db9caadc27

SHA256
7f798769aadb67f6a78b33afff2a76f712f1d4ecc3236973ea9e9ba40473c55f

SHA512
4accbc2184d1e50ddc305322d31c6716eeaec7cba59da2b2ae0543de925d0579aa4a931ee9dc8086f07efcb7fbace37dc4c7a430367a33af1d6058e2b4b11379

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
9ad5843e437ed30f7be396bee3a6cc9c

SHA1
c8db5e9df29c446925999b2cb5500d4920d0a0bc

SHA256
f569cf33edc5b6a25ad7057f8ca0c873ac66913a8cb8f15576189d87e8f7ab63

SHA512
9da59821d073663b249545b01877dcae1352091c187c0258cf5e8d87061d776248313b932d393b40741810dc1391d84a97bccdcb49dfd36c1b46c61d65563a61

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
246c1107038c8d73a6d0f55b34536e1f

SHA1
d4cde6f54f518d9e48fdb582e6b43cb3a684b412

SHA256
70dba105cfef0dd75bde5404b2e7623c6f378cc8d4bb63ea62414dd5710016f6

SHA512
fbfd8958ad55061eca16ede8b8cf64da4a9247a1c4f8ee33a0b545704400a5c236ede87f6796774d138582af0fba8fb2d5c9c381bb1e8d29edfbcec3c8220566

Download Submit
C:\Windows\SysWOW64\dhdini.dll

Filesize
1KB

MD5
a75cf553d954baa7cb023a2a91d16745

SHA1
a279684056b7f4699e94fd12251f278a1467d7a4

SHA256
ae4908b48c044f90b14dddc1ae54c9ddb4dfd9b114531c26ceb5958814f40e65

SHA512
f69e5b3c51aa90d3000d87bf20fd91ad407b247f59e657abb4bf3181f721117f8ff7a6eeeb19013bf7eaaefe6afb5935cb00eda86bbbc9a444a966f48346f636

Download Submit
C:\Windows\SysWOW64\dhdpri.dll

Filesize
16KB

MD5
3079059873e4ddc2a2b8c14f7fca77af

SHA1
3b102428e428f2019d6b92d38937d0c00bf6bcfd

SHA256
e71121af6c4be991bc5f60fc6a3a5ce4ef61fc309d4452274b9e52a56ae573de

SHA512
a52484028de319eef24271156c72dc8ea71f521abc97fc37aff33c86c834e919c790c0d207b55363dd2ca7387ca8936b63e8437b4ace6055ab1f1779be7954b2

Download Submit
\Windows\SysWOW64\dhdins.exe

Filesize
96KB

MD5
458cdbe6a7645633cf217959df60191b

SHA1
a1d352d01f1ba6def14a52d93eb3412dcb7205ab

SHA256
44ef5989e265bb5a1c8bcb0033ff0708f3f902d3cbc4f2ea473848ab3b8b2a61

SHA512
5302c602a91a533b18813573c273255aae295c6b46cd378b9d5344c2015d92f4e372085caa7d94be456696045e7b4e34b9abe1ed50bb2657b408b788e9111219

Download Submit
memory/584-590-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/584-367-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/688-4953-0x00000000003C0000-0x00000000003D8000-memory.dmp

Filesize
96KB

Download
memory/688-5423-0x00000000003C0000-0x00000000003D8000-memory.dmp

Filesize
96KB

Download
memory/1236-46-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1236-73-0x00000000002A0000-0x00000000002B8000-memory.dmp

Filesize
96KB

Download
memory/1268-747-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/1480-1115-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/1724-7837-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/1988-123-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/1988-286-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2208-124-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2208-148-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2208-332-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2232-215-0x00000000002A0000-0x00000000002B8000-memory.dmp

Filesize
96KB

Download
memory/2328-92-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2328-253-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2328-252-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2484-254-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/2484-451-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/2484-450-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/2628-27-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2628-43-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2628-187-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2688-289-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2776-1184-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2776-1477-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2876-184-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2876-185-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2876-150-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2876-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2876-25-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2876-26-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3056-1048-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3140-4141-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3248-5051-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3248-4567-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3376-3302-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3408-4566-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3408-4064-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3496-4308-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/3496-4853-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/3748-3683-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3776-5324-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3776-4854-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3828-4755-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/3828-5226-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/3864-4952-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3908-5866-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3908-6328-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3944-7484-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3944-7921-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3988-6690-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/3988-6237-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/4380-5774-0x00000000003D0000-0x00000000003E8000-memory.dmp

Filesize
96KB

Download
memory/4380-5325-0x00000000003D0000-0x00000000003E8000-memory.dmp

Filesize
96KB

Download
memory/4524-7753-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/4568-6229-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/4568-5773-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/4668-5516-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/4668-5964-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/4752-7660-0x0000000000230000-0x0000000000248000-memory.dmp

Filesize
96KB

Download
memory/4752-7223-0x0000000000230000-0x0000000000248000-memory.dmp

Filesize
96KB

Download
memory/4852-6959-0x00000000003B0000-0x00000000003C8000-memory.dmp

Filesize
96KB

Download
memory/4852-6512-0x00000000003B0000-0x00000000003C8000-memory.dmp

Filesize
96KB

Download
memory/4852-6513-0x00000000003B0000-0x00000000003C8000-memory.dmp

Filesize
96KB

Download
memory/4852-6960-0x00000000003B0000-0x00000000003C8000-memory.dmp

Filesize
96KB

Download
memory/4928-5865-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/4928-5424-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/5056-5515-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/5056-5052-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/5140-7308-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/5140-7745-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/5572-6775-0x00000000003A0000-0x00000000003B8000-memory.dmp

Filesize
96KB

Download
memory/5572-6329-0x00000000003A0000-0x00000000003B8000-memory.dmp

Filesize
96KB

Download
memory/5732-7307-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/5732-6868-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/5864-6420-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/5864-5965-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/5868-6421-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/5868-6867-0x00000000001B0000-0x00000000001C8000-memory.dmp

Filesize
96KB

Download
memory/5984-7215-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/5984-6776-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6004-6691-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6004-7130-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6136-6599-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6136-7045-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6208-8003-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6208-7583-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6304-7668-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6696-7046-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6696-7483-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6756-6961-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/6756-7392-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/7024-7131-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download
memory/7024-7575-0x00000000002B0000-0x00000000002C8000-memory.dmp

Filesize
96KB

Download