4c6d326c563e090bcbe21a2f62b4a4601d8ae2b35d9742cf2ce9e88c0ef600e7

Analysis

max time kernel
145s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe
Size

34KB
MD5

0bb2540a16bb6fa492f915a2f2cd51ff
SHA1

d77183713d3962d649641f7ddeeafc4b7593d8f4
SHA256

4c6d326c563e090bcbe21a2f62b4a4601d8ae2b35d9742cf2ce9e88c0ef600e7
SHA512

13b45bdec5815c9afb252bf302e8bb48468fadfc18449cedb7e93771c23604783fbaa62e5e20733ed3c36b0523c916dd789d6c9bca197b7c3acd47953b35d838
SSDEEP

384:txyOfAlV4Jf/zPz3eYSYMOBv0igWC/2zO+OANhvl9XryyEDBHy5GsFOAPxVAs:mOfHzmYMOBMNaO+OArvDGHyBIADAs

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2340	0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2796	2340	0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe	28
PID 2340 wrote to memory of 2796	2340	0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe	28
PID 2340 wrote to memory of 2796	2340	0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe	28
PID 2340 wrote to memory of 2796	2340	0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe	28
PID 2796 wrote to memory of 2684	2796	WScript.exe	29
PID 2796 wrote to memory of 2684	2796	WScript.exe	29
PID 2796 wrote to memory of 2684	2796	WScript.exe	29
PID 2796 wrote to memory of 2684	2796	WScript.exe	29
PID 2684 wrote to memory of 2600	2684	cmd.exe	31
PID 2684 wrote to memory of 2600	2684	cmd.exe	31
PID 2684 wrote to memory of 2600	2684	cmd.exe	31
PID 2684 wrote to memory of 2600	2684	cmd.exe	31
PID 2684 wrote to memory of 2716	2684	cmd.exe	32
PID 2684 wrote to memory of 2716	2684	cmd.exe	32
PID 2684 wrote to memory of 2716	2684	cmd.exe	32
PID 2684 wrote to memory of 2716	2684	cmd.exe	32
PID 2684 wrote to memory of 2632	2684	cmd.exe	33
PID 2684 wrote to memory of 2632	2684	cmd.exe	33
PID 2684 wrote to memory of 2632	2684	cmd.exe	33
PID 2684 wrote to memory of 2632	2684	cmd.exe	33
PID 2684 wrote to memory of 2616	2684	cmd.exe	34
PID 2684 wrote to memory of 2616	2684	cmd.exe	34
PID 2684 wrote to memory of 2616	2684	cmd.exe	34
PID 2684 wrote to memory of 2616	2684	cmd.exe	34
PID 2684 wrote to memory of 2772	2684	cmd.exe	35
PID 2684 wrote to memory of 2772	2684	cmd.exe	35
PID 2684 wrote to memory of 2772	2684	cmd.exe	35
PID 2684 wrote to memory of 2772	2684	cmd.exe	35
PID 2684 wrote to memory of 2712	2684	cmd.exe	36
PID 2684 wrote to memory of 2712	2684	cmd.exe	36
PID 2684 wrote to memory of 2712	2684	cmd.exe	36
PID 2684 wrote to memory of 2712	2684	cmd.exe	36
PID 2684 wrote to memory of 2708	2684	cmd.exe	37
PID 2684 wrote to memory of 2708	2684	cmd.exe	37
PID 2684 wrote to memory of 2708	2684	cmd.exe	37
PID 2684 wrote to memory of 2708	2684	cmd.exe	37
PID 2684 wrote to memory of 2452	2684	cmd.exe	38
PID 2684 wrote to memory of 2452	2684	cmd.exe	38
PID 2684 wrote to memory of 2452	2684	cmd.exe	38
PID 2684 wrote to memory of 2452	2684	cmd.exe	38
PID 2684 wrote to memory of 2500	2684	cmd.exe	39
PID 2684 wrote to memory of 2500	2684	cmd.exe	39
PID 2684 wrote to memory of 2500	2684	cmd.exe	39
PID 2684 wrote to memory of 2500	2684	cmd.exe	39
PID 2684 wrote to memory of 2888	2684	cmd.exe	40
PID 2684 wrote to memory of 2888	2684	cmd.exe	40
PID 2684 wrote to memory of 2888	2684	cmd.exe	40
PID 2684 wrote to memory of 2888	2684	cmd.exe	40
PID 2684 wrote to memory of 2900	2684	cmd.exe	41
PID 2684 wrote to memory of 2900	2684	cmd.exe	41
PID 2684 wrote to memory of 2900	2684	cmd.exe	41
PID 2684 wrote to memory of 2900	2684	cmd.exe	41
PID 2684 wrote to memory of 2904	2684	cmd.exe	42
PID 2684 wrote to memory of 2904	2684	cmd.exe	42
PID 2684 wrote to memory of 2904	2684	cmd.exe	42
PID 2684 wrote to memory of 2904	2684	cmd.exe	42
PID 2684 wrote to memory of 1952	2684	cmd.exe	43
PID 2684 wrote to memory of 1952	2684	cmd.exe	43
PID 2684 wrote to memory of 1952	2684	cmd.exe	43
PID 2684 wrote to memory of 1952	2684	cmd.exe	43
PID 2684 wrote to memory of 2752	2684	cmd.exe	44
PID 2684 wrote to memory of 2752	2684	cmd.exe	44
PID 2684 wrote to memory of 2752	2684	cmd.exe	44
PID 2684 wrote to memory of 2752	2684	cmd.exe	44

C:\Users\Admin\AppData\Local\Temp\0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0bb2540a16bb6fa492f915a2f2cd51ff_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\down0\HKULBIBU52C7B7C5B073.vbs" 0
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c C:\down0\HKULBIBU52C7B7C5B073.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Windows\SysWOW64\at.exe
      at 00:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2600
  - - C:\Windows\SysWOW64\at.exe
      at 00:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2716
  - - C:\Windows\SysWOW64\at.exe
      at 00:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2632
  - - C:\Windows\SysWOW64\at.exe
      at 00:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2616
  - - C:\Windows\SysWOW64\at.exe
      at 00:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2772
  - - C:\Windows\SysWOW64\at.exe
      at 00:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2712
  - - C:\Windows\SysWOW64\at.exe
      at 00:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\at.exe
      at 00:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2452
  - - C:\Windows\SysWOW64\at.exe
      at 00:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2500
  - - C:\Windows\SysWOW64\at.exe
      at 00:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2888
  - - C:\Windows\SysWOW64\at.exe
      at 00:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2900
  - - C:\Windows\SysWOW64\at.exe
      at 00:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2904
  - - C:\Windows\SysWOW64\at.exe
      at 01:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1952
  - - C:\Windows\SysWOW64\at.exe
      at 01:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2752
  - - C:\Windows\SysWOW64\at.exe
      at 01:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2788
  - - C:\Windows\SysWOW64\at.exe
      at 01:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3000
  - - C:\Windows\SysWOW64\at.exe
      at 01:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2124
  - - C:\Windows\SysWOW64\at.exe
      at 01:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1304
  - - C:\Windows\SysWOW64\at.exe
      at 01:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2348
  - - C:\Windows\SysWOW64\at.exe
      at 01:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1772
  - - C:\Windows\SysWOW64\at.exe
      at 01:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1364
  - - C:\Windows\SysWOW64\at.exe
      at 01:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2420
  - - C:\Windows\SysWOW64\at.exe
      at 01:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1464
  - - C:\Windows\SysWOW64\at.exe
      at 01:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1532
  - - C:\Windows\SysWOW64\at.exe
      at 02:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:880
  - - C:\Windows\SysWOW64\at.exe
      at 02:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2092
  - - C:\Windows\SysWOW64\at.exe
      at 02:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2100
  - - C:\Windows\SysWOW64\at.exe
      at 02:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2836
  - - C:\Windows\SysWOW64\at.exe
      at 02:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2436
  - - C:\Windows\SysWOW64\at.exe
      at 02:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1328
  - - C:\Windows\SysWOW64\at.exe
      at 02:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1928
  - - C:\Windows\SysWOW64\at.exe
      at 02:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1180
  - - C:\Windows\SysWOW64\at.exe
      at 02:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:600
  - - C:\Windows\SysWOW64\at.exe
      at 02:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:532
  - - C:\Windows\SysWOW64\at.exe
      at 02:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1068
  - - C:\Windows\SysWOW64\at.exe
      at 02:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:976
  - - C:\Windows\SysWOW64\at.exe
      at 03:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1812
  - - C:\Windows\SysWOW64\at.exe
      at 03:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:924
  - - C:\Windows\SysWOW64\at.exe
      at 03:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:932
  - - C:\Windows\SysWOW64\at.exe
      at 03:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1008
  - - C:\Windows\SysWOW64\at.exe
      at 03:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1164
  - - C:\Windows\SysWOW64\at.exe
      at 03:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3064
  - - C:\Windows\SysWOW64\at.exe
      at 03:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:792
  - - C:\Windows\SysWOW64\at.exe
      at 03:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1568
  - - C:\Windows\SysWOW64\at.exe
      at 03:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:980
  - - C:\Windows\SysWOW64\at.exe
      at 03:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:624
  - - C:\Windows\SysWOW64\at.exe
      at 03:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2196
  - - C:\Windows\SysWOW64\at.exe
      at 03:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1080
  - - C:\Windows\SysWOW64\at.exe
      at 04:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:380
  - - C:\Windows\SysWOW64\at.exe
      at 04:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2804
  - - C:\Windows\SysWOW64\at.exe
      at 04:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1752
  - - C:\Windows\SysWOW64\at.exe
      at 04:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3028
  - - C:\Windows\SysWOW64\at.exe
      at 04:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2236
  - - C:\Windows\SysWOW64\at.exe
      at 04:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2160
  - - C:\Windows\SysWOW64\at.exe
      at 04:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2416
  - - C:\Windows\SysWOW64\at.exe
      at 04:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:904
  - - C:\Windows\SysWOW64\at.exe
      at 04:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2932
  - - C:\Windows\SysWOW64\at.exe
      at 04:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3048
  - - C:\Windows\SysWOW64\at.exe
      at 04:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1592
  - - C:\Windows\SysWOW64\at.exe
      at 04:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3052
  - - C:\Windows\SysWOW64\at.exe
      at 05:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2664
  - - C:\Windows\SysWOW64\at.exe
      at 05:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2796
  - - C:\Windows\SysWOW64\at.exe
      at 05:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2580
  - - C:\Windows\SysWOW64\at.exe
      at 05:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2720
  - - C:\Windows\SysWOW64\at.exe
      at 05:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2988
  - - C:\Windows\SysWOW64\at.exe
      at 05:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2492
  - - C:\Windows\SysWOW64\at.exe
      at 05:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2760
  - - C:\Windows\SysWOW64\at.exe
      at 05:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2620
  - - C:\Windows\SysWOW64\at.exe
      at 05:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2568
  - - C:\Windows\SysWOW64\at.exe
      at 05:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2468
  - - C:\Windows\SysWOW64\at.exe
      at 05:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2576
  - - C:\Windows\SysWOW64\at.exe
      at 05:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2204
  - - C:\Windows\SysWOW64\at.exe
      at 06:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2900
  - - C:\Windows\SysWOW64\at.exe
      at 06:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2904
  - - C:\Windows\SysWOW64\at.exe
      at 06:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2784
  - - C:\Windows\SysWOW64\at.exe
      at 06:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1824
  - - C:\Windows\SysWOW64\at.exe
      at 06:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2144
  - - C:\Windows\SysWOW64\at.exe
      at 06:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2284
  - - C:\Windows\SysWOW64\at.exe
      at 06:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1596
  - - C:\Windows\SysWOW64\at.exe
      at 06:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2304
  - - C:\Windows\SysWOW64\at.exe
      at 06:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1828
  - - C:\Windows\SysWOW64\at.exe
      at 06:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1976
  - - C:\Windows\SysWOW64\at.exe
      at 06:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2288
  - - C:\Windows\SysWOW64\at.exe
      at 06:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2272
  - - C:\Windows\SysWOW64\at.exe
      at 07:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1532
  - - C:\Windows\SysWOW64\at.exe
      at 07:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:880
  - - C:\Windows\SysWOW64\at.exe
      at 07:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1924
  - - C:\Windows\SysWOW64\at.exe
      at 07:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2440
  - - C:\Windows\SysWOW64\at.exe
      at 07:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1740
  - - C:\Windows\SysWOW64\at.exe
      at 07:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2672
  - - C:\Windows\SysWOW64\at.exe
      at 07:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2316
  - - C:\Windows\SysWOW64\at.exe
      at 07:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:384
  - - C:\Windows\SysWOW64\at.exe
      at 07:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:700
  - - C:\Windows\SysWOW64\at.exe
      at 07:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:652
  - - C:\Windows\SysWOW64\at.exe
      at 07:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:572
  - - C:\Windows\SysWOW64\at.exe
      at 07:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1504
  - - C:\Windows\SysWOW64\at.exe
      at 08:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1708
  - - C:\Windows\SysWOW64\at.exe
      at 08:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:328
  - - C:\Windows\SysWOW64\at.exe
      at 08:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:932
  - - C:\Windows\SysWOW64\at.exe
      at 08:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1008
  - - C:\Windows\SysWOW64\at.exe
      at 08:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1320
  - - C:\Windows\SysWOW64\at.exe
      at 08:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1572
  - - C:\Windows\SysWOW64\at.exe
      at 08:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1048
  - - C:\Windows\SysWOW64\at.exe
      at 08:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:832
  - - C:\Windows\SysWOW64\at.exe
      at 08:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1880
  - - C:\Windows\SysWOW64\at.exe
      at 08:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2148
  - - C:\Windows\SysWOW64\at.exe
      at 08:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1088
  - - C:\Windows\SysWOW64\at.exe
      at 08:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:956
  - - C:\Windows\SysWOW64\at.exe
      at 09:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1288
  - - C:\Windows\SysWOW64\at.exe
      at 09:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2008
  - - C:\Windows\SysWOW64\at.exe
      at 09:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\at.exe
      at 09:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1884
  - - C:\Windows\SysWOW64\at.exe
      at 09:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1724
  - - C:\Windows\SysWOW64\at.exe
      at 09:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1396
  - - C:\Windows\SysWOW64\at.exe
      at 09:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2388
  - - C:\Windows\SysWOW64\at.exe
      at 09:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2952
  - - C:\Windows\SysWOW64\at.exe
      at 09:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2312
  - - C:\Windows\SysWOW64\at.exe
      at 09:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1620
  - - C:\Windows\SysWOW64\at.exe
      at 09:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2656
  - - C:\Windows\SysWOW64\at.exe
      at 09:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:280
  - - C:\Windows\SysWOW64\at.exe
      at 10:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2560
  - - C:\Windows\SysWOW64\at.exe
      at 10:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2740
  - - C:\Windows\SysWOW64\at.exe
      at 10:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1332
  - - C:\Windows\SysWOW64\at.exe
      at 10:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2736
  - - C:\Windows\SysWOW64\at.exe
      at 10:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2200
  - - C:\Windows\SysWOW64\at.exe
      at 10:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2628
  - - C:\Windows\SysWOW64\at.exe
      at 10:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2504
  - - C:\Windows\SysWOW64\at.exe
      at 10:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2476
  - - C:\Windows\SysWOW64\at.exe
      at 10:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2528
  - - C:\Windows\SysWOW64\at.exe
      at 10:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2896
  - - C:\Windows\SysWOW64\at.exe
      at 10:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2164
  - - C:\Windows\SysWOW64\at.exe
      at 10:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:500
  - - C:\Windows\SysWOW64\at.exe
      at 11:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1952
  - - C:\Windows\SysWOW64\at.exe
      at 11:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2752
  - - C:\Windows\SysWOW64\at.exe
      at 11:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2264
  - - C:\Windows\SysWOW64\at.exe
      at 11:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\at.exe
      at 11:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2432
  - - C:\Windows\SysWOW64\at.exe
      at 11:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2280
  - - C:\Windows\SysWOW64\at.exe
      at 11:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:320
  - - C:\Windows\SysWOW64\at.exe
      at 11:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:908
  - - C:\Windows\SysWOW64\at.exe
      at 11:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1364
  - - C:\Windows\SysWOW64\at.exe
      at 11:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1540
  - - C:\Windows\SysWOW64\at.exe
      at 11:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1464
  - - C:\Windows\SysWOW64\at.exe
      at 11:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\at.exe
      at 12:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2244
  - - C:\Windows\SysWOW64\at.exe
      at 12:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\at.exe
      at 12:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2756
  - - C:\Windows\SysWOW64\at.exe
      at 12:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2692
  - - C:\Windows\SysWOW64\at.exe
      at 12:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2152
  - - C:\Windows\SysWOW64\at.exe
      at 12:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1748
  - - C:\Windows\SysWOW64\at.exe
      at 12:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:540
  - - C:\Windows\SysWOW64\at.exe
      at 12:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:688
  - - C:\Windows\SysWOW64\at.exe
      at 12:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1664
  - - C:\Windows\SysWOW64\at.exe
      at 12:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1508
  - - C:\Windows\SysWOW64\at.exe
      at 12:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3032
  - - C:\Windows\SysWOW64\at.exe
      at 12:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1812
  - - C:\Windows\SysWOW64\at.exe
      at 13:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:924
  - - C:\Windows\SysWOW64\at.exe
      at 13:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1116
  - - C:\Windows\SysWOW64\at.exe
      at 13:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1296
  - - C:\Windows\SysWOW64\at.exe
      at 13:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3044
  - - C:\Windows\SysWOW64\at.exe
      at 13:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1712
  - - C:\Windows\SysWOW64\at.exe
      at 13:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\at.exe
      at 13:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1392
  - - C:\Windows\SysWOW64\at.exe
      at 13:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2852
  - - C:\Windows\SysWOW64\at.exe
      at 13:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2196
  - - C:\Windows\SysWOW64\at.exe
      at 13:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1836
  - - C:\Windows\SysWOW64\at.exe
      at 13:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1176
  - - C:\Windows\SysWOW64\at.exe
      at 13:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2944
  - - C:\Windows\SysWOW64\at.exe
      at 14:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2000
  - - C:\Windows\SysWOW64\at.exe
      at 14:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1004
  - - C:\Windows\SysWOW64\at.exe
      at 14:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2236
  - - C:\Windows\SysWOW64\at.exe
      at 14:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2844
  - - C:\Windows\SysWOW64\at.exe
      at 14:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1524
  - - C:\Windows\SysWOW64\at.exe
      at 14:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1864
  - - C:\Windows\SysWOW64\at.exe
      at 14:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2192
  - - C:\Windows\SysWOW64\at.exe
      at 14:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1720
  - - C:\Windows\SysWOW64\at.exe
      at 14:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2540
  - - C:\Windows\SysWOW64\at.exe
      at 14:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1940
  - - C:\Windows\SysWOW64\at.exe
      at 14:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2744
  - - C:\Windows\SysWOW64\at.exe
      at 14:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\at.exe
      at 15:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2812
  - - C:\Windows\SysWOW64\at.exe
      at 15:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2716
  - - C:\Windows\SysWOW64\at.exe
      at 15:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2728
  - - C:\Windows\SysWOW64\at.exe
      at 15:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2616
  - - C:\Windows\SysWOW64\at.exe
      at 15:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2220
  - - C:\Windows\SysWOW64\at.exe
      at 15:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2624
  - - C:\Windows\SysWOW64\at.exe
      at 15:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\at.exe
      at 15:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2472
  - - C:\Windows\SysWOW64\at.exe
      at 15:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2500
  - - C:\Windows\SysWOW64\at.exe
      at 15:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1308
  - - C:\Windows\SysWOW64\at.exe
      at 15:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1996
  - - C:\Windows\SysWOW64\at.exe
      at 15:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2544
  - - C:\Windows\SysWOW64\at.exe
      at 16:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2768
  - - C:\Windows\SysWOW64\at.exe
      at 16:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2884
  - - C:\Windows\SysWOW64\at.exe
      at 16:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2276
  - - C:\Windows\SysWOW64\at.exe
      at 16:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2248
  - - C:\Windows\SysWOW64\at.exe
      at 16:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1304
  - - C:\Windows\SysWOW64\at.exe
      at 16:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1948
  - - C:\Windows\SysWOW64\at.exe
      at 16:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1476
  - - C:\Windows\SysWOW64\at.exe
      at 16:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1980
  - - C:\Windows\SysWOW64\at.exe
      at 16:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1548
  - - C:\Windows\SysWOW64\at.exe
      at 16:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:852
  - - C:\Windows\SysWOW64\at.exe
      at 16:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1784
  - - C:\Windows\SysWOW64\at.exe
      at 16:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2252
  - - C:\Windows\SysWOW64\at.exe
      at 17:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2052
  - - C:\Windows\SysWOW64\at.exe
      at 17:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2836
  - - C:\Windows\SysWOW64\at.exe
      at 17:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2436
  - - C:\Windows\SysWOW64\at.exe
      at 17:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2672
  - - C:\Windows\SysWOW64\at.exe
      at 17:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1928
  - - C:\Windows\SysWOW64\at.exe
      at 17:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:384
  - - C:\Windows\SysWOW64\at.exe
      at 17:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:700
  - - C:\Windows\SysWOW64\at.exe
      at 17:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:652
  - - C:\Windows\SysWOW64\at.exe
      at 17:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:572
  - - C:\Windows\SysWOW64\at.exe
      at 17:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1504
  - - C:\Windows\SysWOW64\at.exe
      at 17:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1708
  - - C:\Windows\SysWOW64\at.exe
      at 17:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:328
  - - C:\Windows\SysWOW64\at.exe
      at 18:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:932
  - - C:\Windows\SysWOW64\at.exe
      at 18:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1008
  - - C:\Windows\SysWOW64\at.exe
      at 18:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3044
  - - C:\Windows\SysWOW64\at.exe
      at 18:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1712
  - - C:\Windows\SysWOW64\at.exe
      at 18:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\at.exe
      at 18:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1392
  - - C:\Windows\SysWOW64\at.exe
      at 18:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2852
  - - C:\Windows\SysWOW64\at.exe
      at 18:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2148
  - - C:\Windows\SysWOW64\at.exe
      at 18:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1080
  - - C:\Windows\SysWOW64\at.exe
      at 18:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:956
  - - C:\Windows\SysWOW64\at.exe
      at 18:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2804
  - - C:\Windows\SysWOW64\at.exe
      at 18:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2008
  - - C:\Windows\SysWOW64\at.exe
      at 19:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3028
  - - C:\Windows\SysWOW64\at.exe
      at 19:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1884
  - - C:\Windows\SysWOW64\at.exe
      at 19:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2160
  - - C:\Windows\SysWOW64\at.exe
      at 19:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1396
  - - C:\Windows\SysWOW64\at.exe
      at 19:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2388
  - - C:\Windows\SysWOW64\at.exe
      at 19:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2536
  - - C:\Windows\SysWOW64\at.exe
      at 19:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2312
  - - C:\Windows\SysWOW64\at.exe
      at 19:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3052
  - - C:\Windows\SysWOW64\at.exe
      at 19:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2656
  - - C:\Windows\SysWOW64\at.exe
      at 19:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2796
  - - C:\Windows\SysWOW64\at.exe
      at 19:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2560
  - - C:\Windows\SysWOW64\at.exe
      at 19:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2780
  - - C:\Windows\SysWOW64\at.exe
      at 20:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2616
  - - C:\Windows\SysWOW64\at.exe
      at 20:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2220
  - - C:\Windows\SysWOW64\at.exe
      at 20:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2624
  - - C:\Windows\SysWOW64\at.exe
      at 20:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\at.exe
      at 20:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2472
  - - C:\Windows\SysWOW64\at.exe
      at 20:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2396
  - - C:\Windows\SysWOW64\at.exe
      at 20:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1932
  - - C:\Windows\SysWOW64\at.exe
      at 20:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2500
  - - C:\Windows\SysWOW64\at.exe
      at 20:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1308
  - - C:\Windows\SysWOW64\at.exe
      at 20:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1996
  - - C:\Windows\SysWOW64\at.exe
      at 20:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2544
  - - C:\Windows\SysWOW64\at.exe
      at 20:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2768
  - - C:\Windows\SysWOW64\at.exe
      at 21:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2884
  - - C:\Windows\SysWOW64\at.exe
      at 21:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2276
  - - C:\Windows\SysWOW64\at.exe
      at 21:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2248
  - - C:\Windows\SysWOW64\at.exe
      at 21:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1304
  - - C:\Windows\SysWOW64\at.exe
      at 21:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:320
  - - C:\Windows\SysWOW64\at.exe
      at 21:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1544
  - - C:\Windows\SysWOW64\at.exe
      at 21:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1364
  - - C:\Windows\SysWOW64\at.exe
      at 21:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1776
  - - C:\Windows\SysWOW64\at.exe
      at 21:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1464
  - - C:\Windows\SysWOW64\at.exe
      at 21:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1784
  - - C:\Windows\SysWOW64\at.exe
      at 21:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2252
  - - C:\Windows\SysWOW64\at.exe
      at 21:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2052
  - - C:\Windows\SysWOW64\at.exe
      at 22:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2836
  - - C:\Windows\SysWOW64\at.exe
      at 22:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2436
  - - C:\Windows\SysWOW64\at.exe
      at 22:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2672
  - - C:\Windows\SysWOW64\at.exe
      at 22:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1928
  - - C:\Windows\SysWOW64\at.exe
      at 22:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:384
  - - C:\Windows\SysWOW64\at.exe
      at 22:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:700
  - - C:\Windows\SysWOW64\at.exe
      at 22:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:652
  - - C:\Windows\SysWOW64\at.exe
      at 22:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:572
  - - C:\Windows\SysWOW64\at.exe
      at 22:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1660
  - - C:\Windows\SysWOW64\at.exe
      at 22:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:408
  - - C:\Windows\SysWOW64\at.exe
      at 22:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2132
  - - C:\Windows\SysWOW64\at.exe
      at 22:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:792
  - - C:\Windows\SysWOW64\at.exe
      at 23:00 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1008
  - - C:\Windows\SysWOW64\at.exe
      at 23:05 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3044
  - - C:\Windows\SysWOW64\at.exe
      at 23:10 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1712
  - - C:\Windows\SysWOW64\at.exe
      at 23:15 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\at.exe
      at 23:20 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1392
  - - C:\Windows\SysWOW64\at.exe
      at 23:25 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2852
  - - C:\Windows\SysWOW64\at.exe
      at 23:30 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2148
  - - C:\Windows\SysWOW64\at.exe
      at 23:35 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:1080
  - - C:\Windows\SysWOW64\at.exe
      at 23:40 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:956
  - - C:\Windows\SysWOW64\at.exe
      at 23:45 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2804
  - - C:\Windows\SysWOW64\at.exe
      at 23:50 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:2008
  - - C:\Windows\SysWOW64\at.exe
      at 23:55 /every:m,t,w,th,f,s,su "C:\down0\HKULBIBU52C7B7C5B073.exe"
      4⤵
      PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\down0\HKULBIBU52C7B7C5B073.bat

Filesize
19KB

MD5
a90b7e71f46a1ebc9f5856a142388ae8

SHA1
5112367bb5136c654619530c40022cb7155e7436

SHA256
051a9c8da5cffde7e78a583c6d53fbba892bf0f984d46951e0a7d62d014f2b86

SHA512
047cbda28a007a381f3f5949072ab8f717225802c0904a5e7fe7dd27001df4a6744bf77614dec4fa0a49916ea9181291f7f11e11efdd7cd51f9e313056a63bce

Download Submit
C:\down0\HKULBIBU52C7B7C5B073.vbs

Filesize
81B

MD5
3338722c5bc7225c5c8016ebc1d54ec2

SHA1
e681764e517aad87a9f75d6f342741dd6f503bb3

SHA256
2c3fff9e1512936d5df29a5e2ce1c01a758bcb5cdd1f726bfd49a53a3481e9b6

SHA512
b64c1f3cf55bae2d14e522290c00e15b62446335805b5cccbf2be58839f01dcd2564ef8699511012ee4037bd36c7b7707e03f5e2034bec587cd01021155dafb1

Download Submit
memory/2340-0-0x0000000000400000-0x00000000004202B3-memory.dmp

Filesize
128KB

Download
memory/2340-1-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download
memory/2340-57-0x0000000000400000-0x00000000004202B3-memory.dmp

Filesize
128KB

Download
memory/2340-60-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download