ba919d09dd0d7c9b00e937e756da203cc41509a377af3c2262f65d5f055fcf6b

Analysis

max time kernel
100s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
Size

83KB
MD5

04836c4e5262e9b60c4d94168654b37d
SHA1

2e1fb185998a664c3873a12a641d2a475f06ff67
SHA256

ba919d09dd0d7c9b00e937e756da203cc41509a377af3c2262f65d5f055fcf6b
SHA512

653fce45b5c7c9403484ad3d8f9928b507878f32269147ebf1c055b751166f66bea64af73040f7c347a07cb3afb962fa3b85a6654d2f0fbd2209ca5331ab74ae
SSDEEP

768:MpgeybW4oW7f4Z0h7bQSjwBpgedziMXYNg89JypPYr2P2/xO:M8W4oI4ZO7bXY2Ec2+/Q

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File created	C:\Windows\SysWOW64\drivers\Hdv32.sys	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found
File opened for modification	C:\Windows\SysWOW64\drivers\Hdv32.sys	Process not Found

Deletes itself 1 IoCs

pid	Process
2036	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
1384	MMHADPQG1091.exe
2388	MMHADPQG1091.exe
2124	MMHADPQG1091.exe
3036	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
2008	MMHADPQG1091.exe
2696	MMHADPQG1091.exe
1744	MMHADPQG1091.exe
2400	MMHADPQG1091.exe
408	MMHADPQG1091.exe
1548	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
380	MMHADPQG1091.exe
2040	MMHADPQG1091.exe
2940	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
3048	MMHADPQG1091.exe
2928	MMHADPQG1091.exe
484	MMHADPQG1091.exe
2152	MMHADPQG1091.exe
3040	MMHADPQG1091.exe
1360	MMHADPQG1091.exe
2248	MMHADPQG1091.exe
2408	MMHADPQG1091.exe
1428	MMHADPQG1091.exe
2364	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
1976	MMHADPQG1091.exe
2912	MMHADPQG1091.exe
2036	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
2076	MMHADPQG1091.exe
1624	MMHADPQG1091.exe
444	MMHADPQG1091.exe
1828	MMHADPQG1091.exe
872	MMHADPQG1091.exe
2204	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
2872	MMHADPQG1091.exe
2304	MMHADPQG1091.exe
1100	MMHADPQG1091.exe
2588	MMHADPQG1091.exe
2212	MMHADPQG1091.exe
2964	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
2948	MMHADPQG1091.exe
1216	MMHADPQG1091.exe
444	MMHADPQG1091.exe
2984	MMHADPQG1091.exe
2936	MMHADPQG1091.exe
1064	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
2424	MMHADPQG1091.exe
2716	MMHADPQG1091.exe
2156	MMHADPQG1091.exe
2716	MMHADPQG1091.exe
3132	MMHADPQG1091.exe
3200	MMHADPQG1091.exe
3264	MMHADPQG1091.exe
3500	MMHADPQG1091.exe
3668	MMHADPQG1091.exe
3840	MMHADPQG1091.exe
4008	MMHADPQG1091.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
1384	MMHADPQG1091.exe
1384	MMHADPQG1091.exe
2388	MMHADPQG1091.exe
2388	MMHADPQG1091.exe
2124	MMHADPQG1091.exe
2124	MMHADPQG1091.exe
3036	MMHADPQG1091.exe
3036	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
2008	MMHADPQG1091.exe
2008	MMHADPQG1091.exe
2696	MMHADPQG1091.exe
2696	MMHADPQG1091.exe
1744	MMHADPQG1091.exe
1744	MMHADPQG1091.exe
2400	MMHADPQG1091.exe
2400	MMHADPQG1091.exe
408	MMHADPQG1091.exe
408	MMHADPQG1091.exe
1548	MMHADPQG1091.exe
1548	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
380	MMHADPQG1091.exe
380	MMHADPQG1091.exe
2040	MMHADPQG1091.exe
2040	MMHADPQG1091.exe
2940	MMHADPQG1091.exe
2940	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
3048	MMHADPQG1091.exe
3048	MMHADPQG1091.exe
2928	MMHADPQG1091.exe
2928	MMHADPQG1091.exe
484	MMHADPQG1091.exe
484	MMHADPQG1091.exe
2152	MMHADPQG1091.exe
2152	MMHADPQG1091.exe
3040	MMHADPQG1091.exe
3040	MMHADPQG1091.exe
1360	MMHADPQG1091.exe
1360	MMHADPQG1091.exe
2248	MMHADPQG1091.exe
2248	MMHADPQG1091.exe
2408	MMHADPQG1091.exe
2408	MMHADPQG1091.exe
1428	MMHADPQG1091.exe
1428	MMHADPQG1091.exe
2364	MMHADPQG1091.exe
2364	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
1976	MMHADPQG1091.exe
1976	MMHADPQG1091.exe
2912	MMHADPQG1091.exe
2912	MMHADPQG1091.exe
2036	MMHADPQG1091.exe
2036	MMHADPQG1091.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	MMHADPQG1091.exe
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found
File opened for modification	C:\Windows\SysWOW64\MMHADPQG1091.exe	Process not Found

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MMHADPQG1091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
1384	MMHADPQG1091.exe
1384	MMHADPQG1091.exe
1384	MMHADPQG1091.exe
1384	MMHADPQG1091.exe
2388	MMHADPQG1091.exe
2388	MMHADPQG1091.exe
2388	MMHADPQG1091.exe
2388	MMHADPQG1091.exe
2124	MMHADPQG1091.exe
2124	MMHADPQG1091.exe
2124	MMHADPQG1091.exe
2124	MMHADPQG1091.exe
3036	MMHADPQG1091.exe
3036	MMHADPQG1091.exe
3036	MMHADPQG1091.exe
3036	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
1688	MMHADPQG1091.exe
2008	MMHADPQG1091.exe
2008	MMHADPQG1091.exe
2008	MMHADPQG1091.exe
2008	MMHADPQG1091.exe
2696	MMHADPQG1091.exe
2696	MMHADPQG1091.exe
2696	MMHADPQG1091.exe
2696	MMHADPQG1091.exe
1744	MMHADPQG1091.exe
1744	MMHADPQG1091.exe
1744	MMHADPQG1091.exe
1744	MMHADPQG1091.exe
2400	MMHADPQG1091.exe
2400	MMHADPQG1091.exe
2400	MMHADPQG1091.exe
2400	MMHADPQG1091.exe
408	MMHADPQG1091.exe
408	MMHADPQG1091.exe
408	MMHADPQG1091.exe
408	MMHADPQG1091.exe
1548	MMHADPQG1091.exe
1548	MMHADPQG1091.exe
1548	MMHADPQG1091.exe
1548	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
1140	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
2320	MMHADPQG1091.exe
380	MMHADPQG1091.exe
380	MMHADPQG1091.exe
380	MMHADPQG1091.exe
380	MMHADPQG1091.exe
2040	MMHADPQG1091.exe
2040	MMHADPQG1091.exe
2040	MMHADPQG1091.exe
2040	MMHADPQG1091.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found
476	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1384	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	30
PID 2380 wrote to memory of 1384	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	30
PID 2380 wrote to memory of 1384	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	30
PID 2380 wrote to memory of 1384	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	30
PID 2380 wrote to memory of 2036	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	31
PID 2380 wrote to memory of 2036	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	31
PID 2380 wrote to memory of 2036	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	31
PID 2380 wrote to memory of 2036	2380	04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe	31
PID 1384 wrote to memory of 2388	1384	MMHADPQG1091.exe	33
PID 1384 wrote to memory of 2388	1384	MMHADPQG1091.exe	33
PID 1384 wrote to memory of 2388	1384	MMHADPQG1091.exe	33
PID 1384 wrote to memory of 2388	1384	MMHADPQG1091.exe	33
PID 1384 wrote to memory of 2840	1384	MMHADPQG1091.exe	34
PID 1384 wrote to memory of 2840	1384	MMHADPQG1091.exe	34
PID 1384 wrote to memory of 2840	1384	MMHADPQG1091.exe	34
PID 1384 wrote to memory of 2840	1384	MMHADPQG1091.exe	34
PID 2388 wrote to memory of 2124	2388	MMHADPQG1091.exe	36
PID 2388 wrote to memory of 2124	2388	MMHADPQG1091.exe	36
PID 2388 wrote to memory of 2124	2388	MMHADPQG1091.exe	36
PID 2388 wrote to memory of 2124	2388	MMHADPQG1091.exe	36
PID 2388 wrote to memory of 2976	2388	MMHADPQG1091.exe	37
PID 2388 wrote to memory of 2976	2388	MMHADPQG1091.exe	37
PID 2388 wrote to memory of 2976	2388	MMHADPQG1091.exe	37
PID 2388 wrote to memory of 2976	2388	MMHADPQG1091.exe	37
PID 2124 wrote to memory of 3036	2124	MMHADPQG1091.exe	39
PID 2124 wrote to memory of 3036	2124	MMHADPQG1091.exe	39
PID 2124 wrote to memory of 3036	2124	MMHADPQG1091.exe	39
PID 2124 wrote to memory of 3036	2124	MMHADPQG1091.exe	39
PID 2124 wrote to memory of 2708	2124	MMHADPQG1091.exe	40
PID 2124 wrote to memory of 2708	2124	MMHADPQG1091.exe	40
PID 2124 wrote to memory of 2708	2124	MMHADPQG1091.exe	40
PID 2124 wrote to memory of 2708	2124	MMHADPQG1091.exe	40
PID 2840 wrote to memory of 2740	2840	cmd.exe	42
PID 2840 wrote to memory of 2740	2840	cmd.exe	42
PID 2840 wrote to memory of 2740	2840	cmd.exe	42
PID 2840 wrote to memory of 2740	2840	cmd.exe	42
PID 2036 wrote to memory of 2720	2036	cmd.exe	41
PID 2036 wrote to memory of 2720	2036	cmd.exe	41
PID 2036 wrote to memory of 2720	2036	cmd.exe	41
PID 2036 wrote to memory of 2720	2036	cmd.exe	41
PID 3036 wrote to memory of 1688	3036	MMHADPQG1091.exe	44
PID 3036 wrote to memory of 1688	3036	MMHADPQG1091.exe	44
PID 3036 wrote to memory of 1688	3036	MMHADPQG1091.exe	44
PID 3036 wrote to memory of 1688	3036	MMHADPQG1091.exe	44
PID 3036 wrote to memory of 1304	3036	MMHADPQG1091.exe	45
PID 3036 wrote to memory of 1304	3036	MMHADPQG1091.exe	45
PID 3036 wrote to memory of 1304	3036	MMHADPQG1091.exe	45
PID 3036 wrote to memory of 1304	3036	MMHADPQG1091.exe	45
PID 2976 wrote to memory of 1324	2976	cmd.exe	47
PID 2976 wrote to memory of 1324	2976	cmd.exe	47
PID 2976 wrote to memory of 1324	2976	cmd.exe	47
PID 2976 wrote to memory of 1324	2976	cmd.exe	47
PID 1688 wrote to memory of 2008	1688	MMHADPQG1091.exe	48
PID 1688 wrote to memory of 2008	1688	MMHADPQG1091.exe	48
PID 1688 wrote to memory of 2008	1688	MMHADPQG1091.exe	48
PID 1688 wrote to memory of 2008	1688	MMHADPQG1091.exe	48
PID 1688 wrote to memory of 2396	1688	MMHADPQG1091.exe	49
PID 1688 wrote to memory of 2396	1688	MMHADPQG1091.exe	49
PID 1688 wrote to memory of 2396	1688	MMHADPQG1091.exe	49
PID 1688 wrote to memory of 2396	1688	MMHADPQG1091.exe	49
PID 2976 wrote to memory of 2236	2976	cmd.exe	50
PID 2976 wrote to memory of 2236	2976	cmd.exe	50
PID 2976 wrote to memory of 2236	2976	cmd.exe	50
PID 2976 wrote to memory of 2236	2976	cmd.exe	50

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5812	Process not Found
13132	Process not Found
5472	Process not Found
6616	Process not Found
4068	attrib.exe
5468	Process not Found
5872	Process not Found
6252	Process not Found
13408	Process not Found
7276	Process not Found
1084	Process not Found
3732	Process not Found
3860	attrib.exe
11996	Process not Found
13176	Process not Found
6268	Process not Found
4776	Process not Found
10452	Process not Found
13492	Process not Found
8772	Process not Found
9392	Process not Found
6488	Process not Found
13300	Process not Found
5396	Process not Found
5828	Process not Found
15224	Process not Found
1296	Process not Found
14924	Process not Found
8780	Process not Found
12480	Process not Found
6864	Process not Found
6848	Process not Found
9624	Process not Found
6672	Process not Found
3028	Process not Found
1940	Process not Found
9624	Process not Found
5772	Process not Found
6824	Process not Found
10120	Process not Found
3644	attrib.exe
3576	Process not Found
5864	Process not Found
13004	Process not Found
8432	Process not Found
3828	attrib.exe
3764	attrib.exe
7156	Process not Found
13212	Process not Found
11380	Process not Found
8496	Process not Found
3724	attrib.exe
6072	Process not Found
10508	Process not Found
7600	Process not Found
5468	Process not Found
12564	Process not Found
3716	attrib.exe
1820	attrib.exe
3136	attrib.exe
3404	Process not Found
12436	Process not Found
12884	Process not Found
12956	Process not Found

C:\Users\Admin\AppData\Local\Temp\04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\MMHADPQG1091.exe
  C:\Windows\system32\MMHADPQG1091.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Windows\SysWOW64\MMHADPQG1091.exe
    C:\Windows\system32\MMHADPQG1091.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Windows\SysWOW64\MMHADPQG1091.exe
      C:\Windows\system32\MMHADPQG1091.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2124
    - - C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3036
      - C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        6⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2008
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2696
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1744
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2400
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:408
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1548
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1140
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2320
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        15⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:380
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2040
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2940
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1688
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3048
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2928
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:484
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2152
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3040
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1360
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        25⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2248
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2408
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1428
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2364
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2320
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1976
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2912
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2036
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        33⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        34⤵
        Executes dropped EXE
        
        PID:2076
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        35⤵
        Executes dropped EXE
        
        PID:1624
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        36⤵
        Executes dropped EXE
        
        PID:444
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        37⤵
        Executes dropped EXE
        
        PID:1828
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        38⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:872
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        39⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        40⤵
        Executes dropped EXE
        
        PID:1140
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        41⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:2872
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        42⤵
        Executes dropped EXE
        
        PID:2304
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        43⤵
        Executes dropped EXE
        
        PID:1100
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        44⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        45⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        46⤵
        Executes dropped EXE
        
        PID:2964
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        47⤵
        Executes dropped EXE
        
        PID:1140
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        48⤵
        Executes dropped EXE
        
        PID:2948
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        49⤵
        Executes dropped EXE
        
        PID:1216
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        50⤵
        Executes dropped EXE
        
        PID:444
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        51⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        52⤵
        Executes dropped EXE
        
        PID:2936
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        53⤵
        Executes dropped EXE
        
        PID:1064
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        54⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        55⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        56⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        57⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:2156
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        58⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        59⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:3132
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        60⤵
        Executes dropped EXE
        
        PID:3200
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        61⤵
        Executes dropped EXE
        
        PID:3264
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        62⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:3500
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        63⤵
        Executes dropped EXE
        
        PID:3668
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        64⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:3840
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        65⤵
        Executes dropped EXE
        
        PID:4008
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        66⤵
        Drops file in Drivers directory
        
        PID:1576
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        67⤵
        Drops file in Drivers directory
        
        PID:916
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        68⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        69⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        70⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        71⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        72⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        73⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        74⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        75⤵
        Drops file in Drivers directory
        
        PID:3648
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        76⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        77⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        78⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        79⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        80⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        81⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        82⤵
        
        PID:892
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        83⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        84⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        85⤵
        Drops file in Drivers directory
        
        PID:3920
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        86⤵
        Drops file in Drivers directory
        
        PID:3692
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        87⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        88⤵
        
        PID:836
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        89⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        90⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        91⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        92⤵
        Drops file in System32 directory
        
        PID:3076
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        93⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        94⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        95⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        96⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        97⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\MMHADPQG1091.exe
        
        C:\Windows\system32\MMHADPQG1091.exe
        98⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259510408.bat
        97⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259509956.bat
        96⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259509628.bat
        95⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        96⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259509363.bat
        94⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        95⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259509129.bat
        93⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        94⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259508864.bat
        92⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        93⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259508443.bat
        91⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        92⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        92⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259508224.bat
        90⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        91⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        91⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259508053.bat
        89⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        90⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        90⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259507803.bat
        88⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        89⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        89⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259507366.bat
        87⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        88⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        88⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259507085.bat
        86⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        87⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        87⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        87⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259506976.bat
        85⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        86⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        86⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        86⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259506711.bat
        84⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        85⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        85⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        85⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259506524.bat
        83⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        84⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        84⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        84⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259506259.bat
        82⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        83⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        83⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        83⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        83⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259506087.bat
        81⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        82⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        82⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        82⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        82⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        82⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259505869.bat
        80⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        81⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        81⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        81⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        81⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259505572.bat
        79⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        80⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        80⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        80⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        80⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259505369.bat
        78⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        79⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        79⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        79⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        79⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259505213.bat
        77⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        78⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        78⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        78⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        78⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259504839.bat
        76⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        77⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        77⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        77⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        77⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        77⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259504511.bat
        75⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        76⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        76⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        76⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        76⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        76⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259504449.bat
        74⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        75⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        75⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        75⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        75⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        75⤵
        Drops file in System32 directory
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259504340.bat
        73⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        74⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        74⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        74⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        74⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        74⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        74⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259504090.bat
        72⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        73⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        73⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        73⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        73⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        73⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        73⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259503716.bat
        71⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        72⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        72⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        72⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        72⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        72⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        72⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        72⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259503513.bat
        70⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        71⤵
        
        PID:764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        71⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        71⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        71⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        71⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        71⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        71⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259503279.bat
        69⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        70⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        70⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        70⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        70⤵
        
        PID:836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        70⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        70⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        70⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259503092.bat
        68⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        69⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        69⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        69⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        69⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        69⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        69⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        69⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259502842.bat
        67⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        68⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        68⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        68⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        68⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        68⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        68⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        68⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259502608.bat
        66⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        67⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259502483.bat
        65⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        66⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259502312.bat
        64⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        65⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259502249.bat
        63⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        Drops file in System32 directory
        
        PID:4052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        64⤵
        Drops file in System32 directory
        
        PID:4472
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501859.bat
        62⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        63⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501641.bat
        61⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        62⤵
        
        PID:408
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501547.bat
        60⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        61⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501532.bat
        59⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        60⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501501.bat
        58⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        59⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501469.bat
        57⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        58⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501454.bat
        56⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        57⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501438.bat
        55⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        56⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501407.bat
        54⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        55⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501391.bat
        53⤵
        
        PID:884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        54⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501376.bat
        52⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        53⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501360.bat
        51⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        52⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501329.bat
        50⤵
        
        PID:900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        51⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501313.bat
        49⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        50⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501282.bat
        48⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        49⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501267.bat
        47⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        48⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501235.bat
        46⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        Drops file in System32 directory
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        47⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501220.bat
        45⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        46⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501189.bat
        44⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        45⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501173.bat
        43⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        44⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501157.bat
        42⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        Views/modifies file attributes
        
        PID:3764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        43⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501126.bat
        41⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        42⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501111.bat
        40⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        41⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501079.bat
        39⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        40⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501064.bat
        38⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        39⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501033.bat
        37⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        38⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259501001.bat
        36⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        37⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500986.bat
        35⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        Views/modifies file attributes
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        36⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500970.bat
        34⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        35⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500939.bat
        33⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        34⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500923.bat
        32⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        Views/modifies file attributes
        
        PID:4068
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        33⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500908.bat
        31⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        Drops file in System32 directory
        
        PID:3356
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        32⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500877.bat
        30⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        31⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500861.bat
        29⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        30⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500830.bat
        28⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        29⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500814.bat
        27⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        28⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500799.bat
        26⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        27⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500783.bat
        25⤵
        
        PID:640
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        26⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500752.bat
        24⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        25⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500721.bat
        23⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        24⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500705.bat
        22⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        Views/modifies file attributes
        
        PID:3724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        23⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500674.bat
        21⤵
        
        PID:848
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        22⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500658.bat
        20⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        21⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500643.bat
        19⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        Views/modifies file attributes
        
        PID:3716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        20⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500611.bat
        18⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        Views/modifies file attributes
        
        PID:3828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        19⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500596.bat
        17⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        Views/modifies file attributes
        
        PID:1820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        18⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500487.bat
        16⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        17⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500409.bat
        15⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        Views/modifies file attributes
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        16⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500362.bat
        14⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        15⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500315.bat
        13⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        14⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500268.bat
        12⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        13⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500221.bat
        11⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        Views/modifies file attributes
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        12⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500175.bat
        10⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        11⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500128.bat
        9⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        10⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500081.bat
        8⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        9⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500065.bat
        7⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        Drops file in System32 directory
        
        PID:3424
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        8⤵
        
        PID:2996
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500034.bat
        6⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        7⤵
        
        PID:2936
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\dbd6d2d8314b259500019.bat
        5⤵
        
        PID:2708
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:632
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:1720
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:2688
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:904
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:1476
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:1320
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:2912
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:1972
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:3684
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:3224
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:4036
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:3724
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:3468
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:2120
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:1820
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        6⤵
        
        PID:4464
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\dbd6d2d8314b259499987.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2976
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:1324
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:2236
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:1240
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:2548
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:2188
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:1244
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:2964
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:2384
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:3612
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:3920
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:380
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:2164
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:3876
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:3372
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:4076
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:1972
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:3860
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
        5⤵
        
        PID:3712
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\dbd6d2d8314b259499972.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:2740
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:316
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:1504
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:2064
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:2180
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:2208
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:2924
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:1616
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:3604
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:956
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:4044
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:3152
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:3600
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:3132
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:3564
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:1976
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:3116
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MMHADPQG1091.exe" -r -a -s -h
      4⤵
      PID:4208
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\dbd6d2d8314b259499941.bat
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\04836c4e5262e9b60c4d94168654b37d_JaffaCakes118.exe" -r -a -s -h
    3⤵
    PID:2720

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "603931834-448790508-17780024452110074402176195086113924067013050225421972938352"
1⤵
PID:2400

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6188138791850635960-18939143811995827-66688842398362111432182209-951690007"
1⤵
PID:2084

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-866120485-539309099-91382028091409768734427422515223634022847568851682139712"
1⤵
PID:2940

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "846092586-12237910382025774934-3852289861555873777-97984039222524851731901932"
1⤵
PID:2364

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-441606670139328902017737906021025115924-458183100821787175-954172121473294241"
1⤵
PID:444

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-196142074-219842431959656903251696540-1245278898-1729599280-816703616364009346"
1⤵
PID:2588

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1493108859-870970746-386724711304509170-372561877-8089532001079671955-1795429995"
1⤵
PID:2212

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1452060801606459577844263516431045947397943247-890004102-808913582-111632431"
1⤵
PID:1688

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-192233132919492221461114953875-1744918951-1562426555-19329793011728331934-180762070"
1⤵
PID:3980

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "523499248-14160755511332111994-523417462-161973711779310186516532387821700282595"
1⤵
PID:3340

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "341860390-840219687542356184-1624198684353205450-573986622-28704769-1781773794"
1⤵
PID:380

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3028136611179986440-336115437143481298927016205-1613051899930205817-1843472656"
1⤵
PID:3752

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "933037872-4883985729165778620779745041802649702150080843620662562101173535136"
1⤵
PID:2668

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "377115677-1851358916-2112079042658602267-67442074138814815-414449643155031609"
1⤵
PID:4012

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "52152502-2140237426-163055706-275292488-811195276-1917809265-1835732205-453302676"
1⤵
PID:2156

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2101737350-2026137289-983492071628666198-1966140950593044868-1718103976-719956596"
1⤵
PID:3360

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-187787136-2097385644105094210-2030120751782787537-275817236255555557-1311184941"
1⤵
PID:3676

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1401317987132997049-21156114861231903798-841165633594175458-8193524442030601479"
1⤵
PID:3868

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1170988625-1912331505277926561-16552733371891262145-797609095-16115247781958300331"
1⤵
PID:3456

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-101092475414860936791754394683-13396730611636106903-1253770365-380284128-411984037"
1⤵
PID:1100

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "493847291-68382336520295302101608527135748966311434007851616736412-108925687"
1⤵
PID:3296

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-869411049-14712472491629328431621336652-16454998181784032247267550280-1364336450"
1⤵
PID:3432

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-57584178859435579197193657517408591541121310240-140230771615192018722038246107"
1⤵
PID:4000

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-203247389517274510548142636991626065019-1558084416-1006716455063051-387384024"
1⤵
PID:3804

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-771900880-1187334332172475077826961123-2010955344846420185-1064840588-1334760579"
1⤵
PID:3960

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1259558704893052913-1956526841709463270-21445631874278682-963403435-1168664341"
1⤵
PID:4080

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "597460745-300954189-2026033357-19913710631185216016-837637475-13619662231541380785"
1⤵
PID:3884

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1096794906473127181-1620197775-207944083128314363-19392136742082323912-1123903968"
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\drivers\Hdv32.sys

Filesize
2KB

MD5
9f43e9526b60a26bd775740aacdba1aa

SHA1
56e967d418be90269ad0a86be4bde96345230f74

SHA256
c26a4c6d7c0cc2b14dcacc0f719cd0b1264eb1c51e955ff2e4829cb47d313739

SHA512
beb1abac2f43304f3c42ae8725bd6e92b56ebc12154c9a91801a39a74b2989dc238e1b64e2e6a6257be197390dfc624b174b788519922d0028e1eceeceb79952

Download Submit
C:\dbd6d2d8314b259499941.bat

Filesize
333B

MD5
d9828f6ef0c5feecd773d8c54f168aff

SHA1
47a9960d61017c2bb942a3884630a664d7440f7f

SHA256
2b678bd219299a14ce66b343e7033fc01cf230436b1ce29acfce52a7cdff7266

SHA512
ee8d2a8e0ba07a98ffcb80be821f23df1523b6afd1083a9489775d73c593e23ec7820d1c1abad297bf3c75b4f5fee617693caa3742a441dec980b89071b2c802

Download Submit
C:\dbd6d2d8314b259499972.bat

Filesize
189B

MD5
b76178d9002ddb2b109eb0532a648a30

SHA1
e87d8fc1e8f7c29d669c51bc47ca337e690141ec

SHA256
5d942c9820c16b581f1c8e4e68495fb4425d363a7b2dfe18a100cbe17a8e4713

SHA512
a8933e4438aa9c9f2942f64eb971bdc389ac22f7fdd867a9c5251accf12d57ff90b2869a6f569fa7875dedd5aab2a7789fbdd6887f0b13c6038fdd9ef684264f

Download Submit
\Windows\SysWOW64\MMHADPQG1091.exe

Filesize
83KB

MD5
04836c4e5262e9b60c4d94168654b37d

SHA1
2e1fb185998a664c3873a12a641d2a475f06ff67

SHA256
ba919d09dd0d7c9b00e937e756da203cc41509a377af3c2262f65d5f055fcf6b

SHA512
653fce45b5c7c9403484ad3d8f9928b507878f32269147ebf1c055b751166f66bea64af73040f7c347a07cb3afb962fa3b85a6654d2f0fbd2209ca5331ab74ae

Download Submit